Borgmatic improvements (very old changes I forgot to merge) #84
96 changed files with 1852 additions and 1267 deletions
|
@ -3,9 +3,7 @@ skip_list:
|
||||||
- load-failure
|
- load-failure
|
||||||
- document-start
|
- document-start
|
||||||
- meta-no-info
|
- meta-no-info
|
||||||
|
- ignore-errors
|
||||||
warn_list:
|
|
||||||
- experimental # all rules tagged as experimental
|
|
||||||
|
|
||||||
exclude_paths:
|
exclude_paths:
|
||||||
- group_vars/all/vault.yml
|
- group_vars/all/vault.yml
|
||||||
|
|
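Review bot: Adding `ignore-errors` to `skip_list` disables that rule for the whole repository, so any task that sets `ignore_errors` passes lint unnoticed, including tasks added later. If only a few existing tasks need the exemption, a narrower option is to keep the rule enabled and mark those tasks individually with a `# noqa` comment naming the rule. Either way, a one-line comment above the new entry saying why failures may be ignored would help the next reviewer.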
|
@ -5,8 +5,7 @@ name: check
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: ansible and yaml linting
|
- name: ansible and yaml linting
|
||||||
pull: never
|
image: quay.io/ansible/toolset:3.5.0
|
||||||
image: aurore-ansible-lint-image
|
|
||||||
commands:
|
commands:
|
||||||
- ansible-lint
|
- ansible-lint
|
||||||
...
|
...
|
||||||
|
|
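Review bot: The new `image: quay.io/ansible/toolset:3.5.0` is referenced by tag, and with `pull: never` removed the runner will presumably fetch it from the registry when it is not cached. Whatever that tag resolves to at run time then executes inside the pipeline. Tags can be re-pointed upstream; pinning by digest, e.g. `image: quay.io/ansible/toolset@sha256:<digest-placeholder>`, keeps the lint step reproducible and makes an image change show up in review. The pipeline definition begins above the hunk, so other settings there may already constrain this.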
12
README.md
|
@ -2,8 +2,9 @@
|
||||||
|
|
||||||
# Recettes Ansible d'Aurore
|
# Recettes Ansible d'Aurore
|
||||||
|
|
||||||
Ensemble des recettes de déploiement Ansible pour les serveurs d'Aurore.
|
Dépendances requises :
|
||||||
Pour les utiliser, vérifiez que vous avez au moins Ansible 2.7.
|
|
||||||
|
* Ansible 2.9 ou plus récent.
|
||||||
|
|
||||||
## Ansible 101
|
## Ansible 101
|
||||||
|
|
||||||
|
@ -88,8 +89,11 @@ On va utiliser plutôt `ProxyJump`.
|
||||||
Dans la configuration SSH :
|
Dans la configuration SSH :
|
||||||
|
|
||||||
```
|
```
|
||||||
# Use a proxy jump server to log on all Aurore inventory
|
Host *.adm.auro.re *.pve.auro.re
|
||||||
Host 10.128.0.* *.adm.auro.re
|
# Accept new host keys
|
||||||
|
StrictHostKeyChecking accept-new
|
||||||
|
|
||||||
|
# Use passerelle to connect to administration VLANs
|
||||||
ProxyJump passerelle.auro.re
|
ProxyJump passerelle.auro.re
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
14
ansible.cfg
|
@ -2,6 +2,9 @@
|
||||||
|
|
||||||
[defaults]
|
[defaults]
|
||||||
|
|
||||||
|
# Explicitly redefine some defaults to make subfolder execution work
|
||||||
|
roles_path = ./roles
|
||||||
|
|
||||||
# Do not create .retry files
|
# Do not create .retry files
|
||||||
retry_files_enabled = False
|
retry_files_enabled = False
|
||||||
|
|
||||||
|
@ -9,7 +12,7 @@ retry_files_enabled = False
|
||||||
inventory = ./hosts
|
inventory = ./hosts
|
||||||
|
|
||||||
# Custom header in templates
|
# Custom header in templates
|
||||||
ansible_managed = Ansible managed, modified on %Y-%m-%d %H:%M:%S by {uid}
|
ansible_managed = Ansible managed, modified on %Y-%m-%d %H:%M:%S
|
||||||
|
|
||||||
# Do not use cows (with cowsay)
|
# Do not use cows (with cowsay)
|
||||||
nocows = 1
|
nocows = 1
|
||||||
|
@ -20,19 +23,12 @@ forks = 15
|
||||||
# Some SSH connection will take time
|
# Some SSH connection will take time
|
||||||
timeout = 60
|
timeout = 60
|
||||||
|
|
||||||
[privilege_escalation]
|
remote_user = root
|
||||||
|
|
||||||
# Use sudo to get priviledge access
|
|
||||||
become = True
|
|
||||||
|
|
||||||
# Ask for password
|
|
||||||
become_ask_pass = True
|
|
||||||
|
|
||||||
[diff]
|
[diff]
|
||||||
|
|
||||||
# TO know what changed
|
# TO know what changed
|
||||||
always = yes
|
always = yes
|
||||||
|
|
||||||
|
|
||||||
[ssh_connection]
|
[ssh_connection]
|
||||||
pipelining = True
|
pipelining = True
|
||||||
|
|
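Review bot: Replacing the `[privilege_escalation]` block (`become = True`, `become_ask_pass = True`) with `remote_user = root` makes every play connect directly as root. That requires root SSH login to be enabled on all managed hosts and removes the sudo password prompt as a second check. Together with dropping `by {uid}` from `ansible_managed`, it also leaves less trace of which operator made a change; host logs would presumably show only root, distinguishable at best by SSH key. If the move is deliberate, a comment above `remote_user = root` stating why and how operators are attributed would help; otherwise keeping per-user login with `become` preserves the audit trail.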
|
@ -1,9 +0,0 @@
|
||||||
---
|
|
||||||
- hosts: perceval.adm.auro.re
|
|
||||||
roles:
|
|
||||||
- borgbackup_server
|
|
||||||
|
|
||||||
- hosts: all,!unifi,!unifi-*,!wiki.adm.auro.re
|
|
||||||
roles:
|
|
||||||
- borgbackup_client
|
|
||||||
...
|
|
7
bdd.yml
|
@ -1,7 +0,0 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
|
||||||
---
|
|
||||||
# Install and configure bdd servers at Saclay and at OVH
|
|
||||||
- hosts: bdd,!re2o-bdd.adm.auro.re,!services-bdd-local.adm.auro.re
|
|
||||||
roles:
|
|
||||||
- postgresql_server
|
|
||||||
...
|
|
|
@ -15,6 +15,6 @@ for host in $HOSTS; do
|
||||||
|
|
||||||
# sshpass can be used for non-interactive password authentication.
|
# sshpass can be used for non-interactive password authentication.
|
||||||
# place your password in ldap-password.txt.
|
# place your password in ldap-password.txt.
|
||||||
SSHPASS=${passwd} sshpass -v -e ssh-copy-id -i ~/.ssh/id_rsa "$host"
|
SSHPASS=${passwd} sshpass -v -e ssh-copy-id "$host"
|
||||||
done
|
done
|
||||||
|
|
||||||
|
|
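Review bot: Without `-i`, `ssh-copy-id` no longer installs one named key. It uses every identity the running ssh-agent lists, and falls back to the default key file only when the agent offers none, so more public keys than intended can end up in `authorized_keys` on each host. If the aim was to stop hard-coding `id_rsa`, the key could stay explicit but overridable, e.g. `ssh-copy-id -i "${SSH_KEY:-$HOME/.ssh/id_rsa.pub}" "$host"` (the variable name is illustrative). The `for host in $HOSTS` loop and the assignment of `passwd` start outside the hunk.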
3
deploy_all.sh
Executable file
|
@ -0,0 +1,3 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
# Deploy all playbooks
|
||||||
|
ansible-playbook playbooks/*.yml $@
|
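Review bot: `$@` is unquoted on the `ansible-playbook` line, so an argument containing spaces or glob characters (a `--limit` pattern or an `-e` value, for example) is re-split and expanded by the shell before Ansible sees it; the line should read `ansible-playbook playbooks/*.yml "$@"`. The relative `playbooks/*.yml` also resolves against the caller's working directory, so running the script from elsewhere passes the literal pattern or picks up a different directory; `cd "$(dirname "$0")"` before the call would fix that. Adding `set -euo pipefail` after the shebang would make the script stop on the first failure.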
|
@ -1,8 +0,0 @@
|
||||||
---
|
|
||||||
# Deploy a correclty configured postfix on non mailhost servers
|
|
||||||
- hosts: all,!unifi
|
|
||||||
vars:
|
|
||||||
local_network: 10.128.0.0/16
|
|
||||||
relay_host: proxy.adm.auro.re
|
|
||||||
roles:
|
|
||||||
- postfix_non_mailhost
|
|
|
@ -1,7 +0,0 @@
|
||||||
FROM python:3.9-alpine
|
|
||||||
LABEL description="Aurore's docker image for ansible-lint"
|
|
||||||
|
|
||||||
RUN apk add --no-cache gcc musl-dev python3-dev libffi-dev openssl-dev cargo
|
|
||||||
RUN pip install --no-cache-dir "yamllint>=1.26.0,<2.0"
|
|
||||||
RUN pip install --no-cache-dir "ansible-lint==5.0.0"
|
|
||||||
RUN pip install --no-cache-dir "ansible>=2.10,<2.11"
|
|
|
@ -1,18 +0,0 @@
|
||||||
# Ansible-lint image
|
|
||||||
|
|
||||||
In order to build this image when a new version comes out, you need to
|
|
||||||
1. ssh into the `drone.adm.auro.re` server
|
|
||||||
2. git pull this repo to the lastest version
|
|
||||||
3. optionally make the changes if it has not been done yet
|
|
||||||
4. `sudo docker build -t aurore-ansible-lint-image docker-ansible-lint/`
|
|
||||||
5. ???
|
|
||||||
6. enjoy
|
|
||||||
|
|
||||||
You can verify that the image was correclty built by running
|
|
||||||
```
|
|
||||||
# list the images present
|
|
||||||
sudo docker image ls
|
|
||||||
|
|
||||||
# run your image with an interactive shell
|
|
||||||
sudo docker run -it --rm aurore-ansible-lint-image /bin/sh
|
|
||||||
```
|
|
|
@ -18,16 +18,6 @@ ldap_admin_hashed_passwd: "{{ vault_ldap_admin_hashed_passwd }}"
|
||||||
|
|
||||||
# Databases
|
# Databases
|
||||||
postgresql_services_url: 'bdd-ovh.adm.auro.re'
|
postgresql_services_url: 'bdd-ovh.adm.auro.re'
|
||||||
postgresql_synapse_passwd: "{{ vault_postgresql_synapse_passwd }}"
|
|
||||||
postgresql_codimd_passwd: "{{ vault_postgresql_codimd_passwd }}"
|
|
||||||
postgresql_etherpad_passwd: "{{ vault_postgresql_etherpad_passwd }}"
|
|
||||||
postgresql_kanboard_passwd: "{{ vault_postgresql_kanboard_passwd }}"
|
|
||||||
postgresql_grafana_passwd: "{{ vault_postgresql_grafana_passwd }}"
|
|
||||||
postgresql_cas_passwd: "{{ vault_postgresql_cas_passwd }}"
|
|
||||||
postgresql_drone_passwd: "{{ vault_postgresql_drone_passwd }}"
|
|
||||||
postgresql_wikijs_passwd: "{{ vault_postgresql_wikijs_passwd }}"
|
|
||||||
postgresql_nextcloud_passwd: "{{ vault_postgresql_nextcloud_passwd }}"
|
|
||||||
postgresql_gitea_passwd: "{{ vault_postgresql_gitea_passwd }}"
|
|
||||||
|
|
||||||
# Scripts will tell users to go there to manage their account
|
# Scripts will tell users to go there to manage their account
|
||||||
intranet_url: 'https://re2o.auro.re/'
|
intranet_url: 'https://re2o.auro.re/'
|
||||||
|
|
|
@ -1,214 +1,224 @@
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
65616665376265626636393064366339323264623332323337356438303634646361303530626536
|
66666438656133326638326138663066643238626366633137646134376233336639326365653163
|
||||||
3134646236376339666130646239626333613866383766340a366465373839396639623862636436
|
3737613361383538663934626164356535313133643730610a663634653164623665336136326430
|
||||||
34336636326332313432373162356565383034636366613135353037393138363466626235353261
|
63383735653262393538383663653966623462326332653163316138313832346532326535336263
|
||||||
3634306231333966350a323133396531626565633433313761343433303964316163643365626466
|
6638373331343838610a323166393664633431323461396135653464396236333235333134613834
|
||||||
33376632643937663566386232383161303231326638356338383536626531313462636335363166
|
37333866663935653832613036643131306333653565623261346134396534316163366636363134
|
||||||
35353138393964663063613331386138363030356661633530313533336138336362306437626431
|
34653939363835303037666333623230643339333165613265653638376234646438393630383165
|
||||||
34613435383966333538363734613730386634393532653334393766613262666434303666386537
|
38376162626538383263626664373634343063623630326334313265323330656465343865306361
|
||||||
33643832653236313136663761613762656334356466623431383533333563646135336332653331
|
37643835366461353335626639646430633135616130646638376461316434306537346532353630
|
||||||
39376164363533383930343237366638323534313232613561643936336330353538393136363534
|
31373039303862613264653836313763333566663065383361343261343462633934343139326135
|
||||||
37353536623939386131616638623531326531316233656166383133316564393731623366353833
|
66393363393962636438383362613162303931316337626665336362633030653430346436326530
|
||||||
31613665303532303435363765373434653933386530356433653061623232306239316534653432
|
62326664396534626664383834613936356462393163666431333731613339353038336634623532
|
||||||
39663938616637363238623866303439326666303438613066633866343830303762633233383333
|
33633432363730616439386536626163383563333265386134356231376665336332376439333232
|
||||||
65343332616430613839636337396238666466666430383031663939323239383964346638356538
|
31336466633135646461373364363534636439356137616632616431363638386234303637626537
|
||||||
65306463303330373534316438313932373864626637643935636165333835373662623737613734
|
37653332366234386562656365333533326539353837343631636662666236643761323463376137
|
||||||
36373161386163383831623065323763356637313364303539343763653065383139623934353638
|
35343834636562646339316139613265393736376265636564386639646537323136616464306630
|
||||||
34373861616336363861363761373665393465623566393063346331333861326337316363373163
|
66333065323533663536336238356537373030333630626464363731313533313537346138616664
|
||||||
31633532373966656565303866653335356364633063313665386335663863363163303431656165
|
34313635636664636135633035356666613261373065636462306438386461663361326132363439
|
||||||
61383231666665346162303635393838323462613261663231356531393734313063663231616632
|
34396162373635313732653039326639366362653962376135613636396639656634313234396136
|
||||||
30343562366433363261393037313062343036663139353431663330383263316662313330636534
|
65363639393532653237613237313563343865613833373562643764333930326539303138636166
|
||||||
33666463393664636538376365663236613536633663303738373034303136383939343039316463
|
39313565653462613337616263663739333136393966663664653335333237626565636462663261
|
||||||
38363731333435333262383064336138303062303836303735383836626430623738666635383637
|
62313831663732616133396662343332353365356162353436333135393738323761363164653161
|
||||||
36383031646561666632666339616632366138383534393030636331323037643564306363303864
|
64393137343738393939316532613639373430656630386532366136393235383063626433396338
|
||||||
33616664326330656136336538363539623039376565383166373032386230383639326564343961
|
66373337343232343964326435653039386338623166616537383466653030613361396462323038
|
||||||
39623465366233383663383433313862306366643432623130363037643033366531376163386165
|
33623637323135313664306538323137333763653263326533323039373139396633313135333166
|
||||||
64353930386233373561356530316361623665643531333632376266633963303262346532386633
|
38356236653731373132353063643038623866653330623537356230306563646262343531333830
|
||||||
34363938363765313366636134636364616634393061333264386262386261383236386532393966
|
38626161393330303161313932616531326331633938656236313166313035613163323539353535
|
||||||
62636332633165383730313365366631303032336339346138633231656165646465643039666362
|
63343136643361333431353762643631643262633266346139353165393962326634363764373930
|
||||||
39613534303532616433646433616261653739663366383566303862386666383363633736306265
|
30363463623434633032366338316332313736656465366461633864373236653863393637636330
|
||||||
65366434626634303033616463316433393730373034666463663333376633656630386665313934
|
34313936666432363562633531666466356633616664663063363263356632343931333766663466
|
||||||
36626337383236373533623830326134303931653434613837353961366130623665623336303139
|
64633438333436623639333036636633366337383065313162666231613337306532653335363739
|
||||||
63616265366638393064666166343331306530313438636436306264636235643762623564653762
|
36356139303461336139323963383465376366633064343031303864373735656430666261643565
|
||||||
65393435363564366266313161393631383836396464643635643361363034306134626535353962
|
61323236623330636561653962323738323332383331303335663036626638383334333730303965
|
||||||
63393530313438383731303666343637303666616239643334626338393864613635363330653062
|
33383063323438393532306330393366326561323632623238613836396635656631373430343662
|
||||||
31633030396362666237376232306238373065616238373934313930313234353433343934363432
|
39333464643037666233373565633132386233353333313135306133343765373565393937656163
|
||||||
35633636656632643964613431333435656532653038373532343036396136636231306436326639
|
38316238383832343063666334663733313162303337313262666430363538626134313065373336
|
||||||
36376163656634303236396133316664613164346661346565646165303664343735303233636164
|
32393763633530326161333861333137363066366332613963393734663130613735393764653334
|
||||||
38393361343561396336333133326539346561373038613265666364316630363339336565363265
|
39613439643364333665383465633765363063313536383835303964363731376165383830616265
|
||||||
64623063346232346334373836346231353336383931393663373365623838363036643232646330
|
39663762306232646533353963353663343832353739333132366662306335313435663434383431
|
||||||
37303139663166653634336363626637653666363965383632313261326530323236303961343130
|
36323032333731373032313263396565643561656531643462613931313435616438366132393135
|
||||||
39663165303836346339396536313137636462373765313135303039386339393536303263636236
|
34303334383662386261386537373438373334623235643037613136653639353164353763613965
|
||||||
31333534323735373638666364643365396435636533393932643432386630663135633839643965
|
62346231613333353331376433633633353537646639393739356137316131313536343736366532
|
||||||
34346330613132383533393361626333636132616130343266663835616534616562646366366336
|
62313438326264303638323832653232643266626561303032666432353935396262316538333361
|
||||||
38303337373331303638643639373535633331626461613862333562653165306663383237383232
|
39323138313234363764303036656631323636626633316436626637333863383230613132353563
|
||||||
63303331656338656137613162323138333661613834323863633265353737633666336263636665
|
30623161643535643431663535386130643662616263343535326433353764626264343937383730
|
||||||
34393064376330306562343930376337626165373562336630633938316566343434633734613561
|
66616433623234316262343531643531396662356135336336356233393438656263316138613138
|
||||||
39363531383233666437373562663136303834373838383632356436643638306633346434316362
|
62323432306563313462366464653965663137383536633437653135343739393839343335366634
|
||||||
63343866353465396630383562306230313737353863363935346630396134393534353531336535
|
30333834656335383763643637366565633339386330386237313236373463353663363463616636
|
||||||
65366634316230323264366662376133303565626638386635616536303839363737663538353338
|
61326539363461343639366534643363353038663539366565653234646332626661613333336563
|
||||||
32663834636363643034316165303164386430346663303635323634373465326537653132366230
|
63663939343465366565653665376237313366376162363833366666373264383131386531396436
|
||||||
38376361663233646266663330363236666533663861303365303833386465653864656331616162
|
36383430613036633734346561633366613731373133373261626331336266383133653735646638
|
||||||
66323532643737643539643562653335393338643465373838656464326133393466373733343666
|
64353266653531613264373864353631626331343166656263303165326665326163313539336230
|
||||||
39613331376538653934333061376664323230636663336232333361623136393836326262336430
|
33656438613833306538643737663763343836393234633630633665393631373736353963343431
|
||||||
35663930336364376230356537326131323666343330373030303765653763323863646631666136
|
63666366303230386336363933613935313636316361346632626561376562386264666464333639
|
||||||
39623936613762393332303763633966303966396536643236366534316539386136633230653433
|
65396136623735326462316565356337363537343764653562653731386136366537306137666438
|
||||||
65326634323062313730376338343965386338306135393033333161313839333963326134653966
|
63646364646138316264336334363437363638393561343138323762626666643039633130623537
|
||||||
66363365353537323034646537633331336134363239393465363164663263313731666335613032
|
62363938323136326134633039646464353262393731313962373032623966343264333661393934
|
||||||
61643935623064626464346430353033313961326164316637316664363830633137383335316538
|
38336435346161306238373963396265376263336632646436663837356331663138366561316433
|
||||||
31646133623461386434343663313365376230613237326638393464366166633635646462373939
|
36623139336231366632323133623639356633393035333761363630633563306436326361306662
|
||||||
31313165616363373730393733386430633065373433643935643931363965393465323264626164
|
31383261343035636164313463333532373064393765363332336465663430326164373538333530
|
||||||
65333431653566646134646132626136323035323362313163303463393962306631363631383762
|
62393131666539343933393339306466336235396430326265656661643865663362616332343065
|
||||||
63333063633934646332303966666461663566626564643365643232323732646530303834616639
|
66613561326162313235613131336130333565363263343665373565386164376165646136386136
|
||||||
63616262316563636636613764663563323063636331643063373364373337373664333763363464
|
65656361316138303865636462326331353934376365613665316538616164646433356262663931
|
||||||
31346663633866653162323934613532333934626430643138613631653164343063323661383163
|
65363166386139383736643664353266613133353263313336613361616237633066356562616534
|
||||||
36633431376463633334306663346462373166613531663064323238323434346439333936313539
|
61303038666338313063383431313239393062653661393336333938663937306536383431646632
|
||||||
33663036663234383934626661383530666566323336363734336265346235306135336136373864
|
63623031323034643664663134626433323466376133636330316533663462383736623463633332
|
||||||
38313937663965313334653139366430316632313737303639636135666235346633303861626430
|
32373166313562613461643163366563656638346464343064636632373835393236336438633061
|
||||||
34373938633331666535336438313363626636363063333265316166333562616330306563386335
|
63363363353437356339643333356531633033376230313330393365626164666335623262313533
|
||||||
65366366303937376438313032643037656465393263393434623462336430393031373433383532
|
65373234346666663264373238663430373262313435316134313832303964656330386431663833
|
||||||
66306566656437323530323434353835303838303438613662356134343136386630643338333264
|
33313363366566303535326365353135303863363534646439626664323032346664656530396530
|
||||||
30643039666535323736303930336239643730653233393538633235303938623161343437616136
|
37633666383162343231333464633439643637356437383866303235616462346664316363336132
|
||||||
34613337383363656536373737396261396261653264373362313161336435623466366436623736
|
62376661323764323936666165366566636531363736306561663934653533653433666466343438
|
||||||
61313036383063656537613664633437336361396665633764313062396265323766346363656666
|
35306130323336613764633438626339636531626135373530373066363839313132346538613836
|
||||||
33656130316566633563353631323438343532393563633830343131653063353331323961343636
|
65623635346233363331633261303761393466636137346331383038613739636366616164306265
|
||||||
38303239623566383337356262313538316437323731326166366139623665356132313563663734
|
35646333653666373930303535643961343832653062303736613436666661323965373433363537
|
||||||
34353065316164653638313439303466316338373565323435343937653632313566656438333730
|
35626533386162333364333538653166663838613433353138396661303930613838623635636366
|
||||||
62373366333335643366356438613838373963363436393035623132626233373830666238323464
|
37626662303434303331666437363138336261303031343964383364313239623739343233353636
|
||||||
33356562636261376665303262633665323830316137306239626432323330393863613938313539
|
34373433343539613664313164653364353835346263643031626434333037353766376233663236
|
||||||
33613438373733633661633266353866373834346436383466636138393736373638623136383639
|
61313735303437393230663766323262383130623039393637633039316335383032346261323534
|
||||||
38653439373230353265386166663562633738306232623132636333396135343461646136303162
|
35656666306262353638623638366339353364383939306330343430366631386161343061346462
|
||||||
36343636306333376564383764356433653362356434306566376565653736643035336433303331
|
31623431626239376538663463393265366430626565396266393063646532353563663630623363
|
||||||
38626430623633313336653261633834323430323137313533333166393966633662613561643863
|
36663436346161303066633435353863663163376231303732363563313263326637346234666231
|
||||||
65653237636436373739633862313132623831623461643063626361613231343537383032346132
|
37656331623838366535303863376233356336613237353966653334343835613738343435646630
|
||||||
61383666383134373061643061656164366364656231343434616366356237303766343166613964
|
31353731613934653462356630313164313262363966356336323437653037386234303531636465
|
||||||
36376461366663373132326263616263316663323039626239643361363362306334633636343064
|
39393433373931393234633363383864336465346434333436643139643437656238623737363630
|
||||||
66336533626562323832633133653366323137616431363566653561363233626239616262346165
|
35656334396438623132373164366464646462353033623965663963633437356337346636633563
|
||||||
30396466343639383665383762383765396638323761653065356339343965373032306136656563
|
30376236303661323764643536353230373333316237323065616366363262643765666433623735
|
||||||
31353033343532366339303331366235373838356461353564623430333561356635336163396466
|
64323663666434653761313431333131343536626537393161373063363163393563343465633664
|
||||||
38303438616436383763386538663039393862636333326630623862353732343961646162653933
|
61356637636161386362363065313730366362373833633830353466356435323533356335636138
|
||||||
35633235303530353065343434333164306530363839663366316235333563663965623934383634
|
64346266316530376437663336663161376330326331663664653634633537613835366233356132
|
||||||
32616565313232373964366163323739353261643432363037666639663664303861383033333462
|
62636337613966306439613666336539313866323465366235396630353461613339623830336332
|
||||||
62333633626263393637306365353565306636386238613365643537353861396638643065616236
|
31653865663734616462356637303332303339393937313031326330373639643934326336366431
|
||||||
63303130313363326333663936393765623930636331663837313835333862386263303238386262
|
61383465373564393337333137616432626233306631623463316131633331346465646632326231
|
||||||
35646634663163626438356536346239666461306462326465613339653337326436356638323666
|
32616261666531613265383536653139653335616130333030363433646561336634643464646164
|
||||||
38323134396238356532623430303233303636343839646436363066383136366436336536313766
|
61383536336139376134336662353931623365353238333835353731373031323535373764303235
|
||||||
33373036386465623737316435643430616434336165343832386539666432613365326664663237
|
39656362383665366463363730356264313564313035393332353136323763373538643864663966
|
||||||
61333166343438313131643635663234626638623139363034616263643463356632353932383938
|
35313364323863643063353261613036346533326336633562623730363661333336336266626562
|
||||||
61383065343231633438313536633039633266323563336531663365326137666535623230336134
|
35373037366166323363343362616562346264626564356631303463636432343635383965633136
|
||||||
34646661306330653631383364343566386531313137643233376265313461396538373132396366
|
35663632306465353533383166666230363635326637656561333137366263376261383562386538
|
||||||
66313534386133346161373130386465383139623831653566326434646461306139633433656630
|
63613563663463643737333537646335353137333434313363656531333465623562653864306665
|
||||||
64623164376361643062396139356464373131653036336361623738633263326234323066613661
|
34313736346131636261663035326361613036393433346233373963333134616235393532333763
|
||||||
31306163313038333861656561356661383436363534366665376362346661616464633065303234
|
62313136623031393364316361663536353063383065613334663239353932646230306461333764
|
||||||
61616237313434363761636261313630356639346434636465363763373235636462666338343265
|
62306532653130353032306530636164363730323538613965323661393439613161356237656335
|
||||||
34336533376366393339306539633238326663656266373965623962623665626238366333393734
|
30343330336131393636646639306532333864646563303363313331613630313430303834653864
|
||||||
35646636666535396638373134376362396134353035633566336461326630323833383734356161
|
38313465303332303530326466373939343161633534353064333731343431336334303133343531
|
||||||
62303738343662633735663965336435316630653061373736643035653337363635623863626533
|
64336534623066333863666636326364353839613565643132643266333861636663313930363434
|
||||||
31306138313839616131363333326439323863646236613133333163366162353063366561656631
|
37656338356566646632393831613237613936663934333766633365373636643234346136633264
|
||||||
61623237633361313631633463666335643935616237656134383830393335346632393066666632
|
64643865613938366530613365326163376566616562383032633636393234373439656538343130
|
||||||
66326331653430633165333037316637303138353133313264643739626566353137383265366264
|
63666535646163346166396538386631373532626133643530326532353066313139656266313135
|
||||||
38353533613863353431656665363339633265303463613565636565393836616230643932333762
|
38633131613364306165646630346361303136636434653234633164333235666166613061626337
|
||||||
30353437343761613236613431626536666538336234633166623961363031393235333763626337
|
66396461636264616562666337343831303335373835386265666265616366393934323265333235
|
||||||
65623836323538653730393533383532626133393834376339303630626533613339623666353839
|
30346332373635633935616539323331326165666362316462633432353666633135653136373662
|
||||||
38613833623830306566333035336334383733626166363239356661353965353462393161626136
|
66306138633738653266336164346566616266626434356665386137313631646565646331303961
|
||||||
37336365663863393963653031303337396666653262646635386337386230383562616564653966
|
30383961373962333133396665333339333230356666636636643235373236346666333239353763
|
||||||
34393831383639303562333464653736363330326462623266383038326561323264363563623065
|
62653737313566376461336230623962353136666263656239373138353162666464633239386265
|
||||||
30366435323961613463653636666238383632353661326439346430356134643866396531623039
|
39646336313932306236346534643431373562636265306166653433636565353037363633653530
|
||||||
66663830353732663863393762626161383263663535333032393632633066363836363939316262
|
36393638663965613337646633363664663432303231366662646435626233303538346537366130
|
||||||
30373766363637316535306538663235656137363038623936366465376636393535326437666334
|
65336232353162323337303234633734356236373131626339316363666537666538623438313833
|
||||||
30343437326362613761376262383265313264383464383838386638653065313864353235373331
|
65383535636234303036346661373630303731663839323663336236643739303836333030343136
|
||||||
62646366333137643931316339373761663731633766363864633461323266663236613231656633
|
62326539356535323731373938393238613133636432323166326133336362313465326262353530
|
||||||
31653132343031313535656538663761386266333062646439383633336531373764366166646165
|
32613765633035616431656632366264633134626335356133363561383163396334313738376437
|
||||||
64343439386336323064616634363532353166353531633332663862653666666436666564356236
|
66383266396365336338383338646465616438386234353635303565326365396432383431616636
|
||||||
62336332386437626137386566333934393636313933386466366361633232383135383066396263
|
39346566306535306534383965313861343336326462316566643962346465333764653131383031
|
||||||
38343432323865353563363631646535633438336333316134343862336666313063643036343030
|
32306533313137346166653863386134623062653637346535383130643936656331613866346337
|
||||||
62323732353837363639376564336665343265663861303938316564646533346337306338623834
|
61366632316332316664613031323033626235326461336133343335323531633639363465306438
|
||||||
62353835356465303561346337366136396664383961663237653538643462666263346638303363
|
66616262353066363637616530396362626161396439613134373537643266666562386436346638
|
||||||
32663564646333343532613861336132396530363435626361643631666464383364613336383235
|
63623033353734373062373365663733666161366262303030306162386366653933326234646333
|
||||||
64376465636238633765643234383665663637643565626663393066316538313563393730396430
|
61633337326265326334346261343663633539373533613963636438663638306130646234386434
|
||||||
36373037396264613731353337393261346534343263393862376464393565353739393431313031
|
38346537623566313763383064666639376237656662383865653162336234303232386439373962
|
||||||
61353538366439383234316530326338633635393035376335616565356630633964636639386639
|
31383961616333623736626534333536356136613137636662353664396135623134343663646638
|
||||||
63356666653532666435663564393332303234363465636335316365326365633837663930616233
|
64376366346534663132616265356263356638303162306233383230363636323962333963353262
|
||||||
61343933653232666138613866666430376439396336353535663361373564366262646663653064
|
64343232373063313036616634613939623433373262386134633233643635306137373630316334
|
||||||
31353765386537656235613131323763323930363162646236333632663034356237363231313762
|
65336466646532343633663739626336393730383836653065356632333533633162646437366665
|
||||||
39323531333264633863363163333735303636333866653763373362626265396265356564303533
|
31376531383262373566323664323161346563626366623133643462636363393835373834313862
|
||||||
31353838333337393732633961353561633430616637396235626261316433366339356239633737
|
61323533306137356330666531366466303230653864386566613535363465313063363962653666
|
||||||
64333636333566366237303231376337613539643464663839303438313532323538643738353866
|
62333639636332366537363631623430376163396333333663396430393334343732626361306439
|
||||||
38626438303033346531323836336534633732366631376665663139323037643161326561363635
|
31623862663736633362373466626333663964356162653337633039323138353035656562396132
|
||||||
34633237623537383466316433336636633962623161383338656339613139346138366132356365
|
33333837396164646564623735366266376562623835656566393361633730616130373931663461
|
||||||
38363635666234616532316333366236396639353130646234626533666133363661393038353666
|
62376537613661616135346562393539346632343530363335373965323664653463383637656336
|
||||||
38343530306239336234336463646332356462356565376463383930656561336239656465303231
|
31383835363931393537646132656164653730323639373835336334653561363835373663363730
|
||||||
61323862333032343137636434643335383163366236373161653366323139646235306564366637
|
32376435626431356336633939326636313834346666656237376264633162323062663238353537
|
||||||
31313335653732633434616436636532343037383861393931323734383964346437323933653737
|
34376336616234373165313064396361356263383239393036643761613630666230346361336666
|
||||||
39653633663064313933346231663931343163336166663662333239376634386135666230393563
|
32333462313161656563323534393936373535316236393865636630366263373765323632643065
|
||||||
34333163653935326532386662613537373161366331633737653539333161386461313638643034
|
66396465306234623565663139613830356139376135336230373364646465343562373361646337
|
||||||
62323433613164383731653534383662316364333538613433623731376234306538663766363965
|
63363937663461636334366630303530343065323065633965643561366264613865356235636337
|
||||||
64376432396361636637343539393330323835353562393031616137393363333662346332616464
|
65616564636635376635623937303330386537323966353034363331316363653136653939376439
|
||||||
32643939663266343038356539656464393665616637383030666630333834613830373837353738
|
33323262396138316665383163306131383331623338343263353638343033323638323462303439
|
||||||
63623130653465386135636635643637366231383765623761356563323061343337306538633031
|
33333631623638616430356666663161636534313038373130663030356537653265363232386530
|
||||||
66326334303539623763636362333534643431383962383539613964613531353135663463373266
|
31646637333263613937646330363139353531373361376466396331386266393264366239356237
|
||||||
37326632353861383964653430656362613930353138316566636531323733396231333361663431
|
66336333663665393035626639376163623435666530656563336434626238373736336335613036
|
||||||
66356561366634323832386437336130363535343132333436633761613731636561333039303965
|
37303038646534363161343735633330343734616339633039376539343438373264393938663463
|
||||||
33336532373764303334636461646464633866656237656466613361613131613764366339336233
|
32356562353161396230373239653631323038383661383037393761323131323038643064656665
|
||||||
38373030366130613230636365303233393631383538316230366434326137336532333261383236
|
65346362373430656162346438653533306638303364386438383436333232363033383933666562
|
||||||
64306566343964643139646438633066373261363836386361316138326362373361316536313839
|
32336630303932303636653438336462313466393463343363633662383237643837323363353765
|
||||||
39663633343330663732376230633638626533313963306266363030306431373862633833383532
|
31666537643665343431613462616663303732666535363536613534656236356237336564363134
|
||||||
36623537323532373934613962613761376463363337393666316434383463393962616366643436
|
33633266396630393837363364303963663435646166363566356530313835316236346332633164
|
||||||
34326566383666663266396165613534633464656130313535383963353238623238393837353133
|
62656636643930363235636162646166626337326535643565616139363738396631613665626536
|
||||||
66396661626432313038306362393136616166653962363736363133303835376264616561343736
|
66303238363335656538353265383864663436363834633664653433333163643537333433383766
|
||||||
38383531623733326366333661393262613335653238343235353165613339393535316236353563
|
66613437366632346263623233646338316239316430303336323465656531326637323263343162
|
||||||
35663037363935386634623064636333666135313361303837383630643665613863373931626333
|
31346632363464313637373766303765323435663939353063313236373632393866363562346335
|
||||||
36316138343462636538616466383461353639613264653831323133333262626633353766643730
|
33386334653833663832396536663031613432656665306662396135363632333961663663386635
|
||||||
63343030346536616539643832303238393539383362316137386437356630313438623436636465
|
62653631623636623963616431613131393734396365333131386433613561646266623739353330
|
||||||
35363436306634393764386362616330373732623763373064306562326337303732333733346563
|
35336234653334653030356261353438363232366230316366313661626261646633333365393563
|
||||||
63356231343165653132303338343439356666646162626639646232623064656664336133666233
|
66636532326239623463303662386536313461376464633738633038346664373032373364336166
|
||||||
36366366363264663033333731616632383438306435663631613439646466663434343931663764
|
65306433316365613261383534326530376430323938306265313838626536373530636533336462
|
||||||
36623437666232323336366363333333373430303639393761636463333135626263333066656538
|
33323034393765613737666237303233333439656463306633343237633634396331306338336139
|
||||||
35336431623265663239633963353162366534653864653530623935333137653761336234616133
|
30336637633064373033363333353838646365313733646461663763373661366237366433363638
|
||||||
61643231663033393535383063373236363538623964303435623337383031653734626461623731
|
31303565396133313932636665663261393136623730663535396337663961393363626435663062
|
||||||
62306565303739313166333663363935313362356362303066323635626638393961623138613864
|
34343536383864323231653632393839616539333438353039633764336535653962393135333035
|
||||||
33626639323030306461326232323533303131633630316437333936653839626362613162336339
|
39343332396130643239633639353661623565323861303137303764633266613130323431636164
|
||||||
39373339626238303238306363356166646532623963306438626264633961643765353434326430
|
65653235386661333363653665626231356331333666363133343830326431396366373064653063
|
||||||
65323535306566343537663632393866616239613732643032356536303764636564306630383633
|
61316233633635663866356261383766666430663130636166656330356639666233386131313737
|
||||||
66356435616237376538653539366636636533343866623764316462346634313032333636336166
|
62333637366430636362316166356464643361363165616630393461356661396263316234346562
|
||||||
33653231336563363336303936336430343137653966393530393532323563393532353434393231
|
61653032333639383762353335643036616566666230666465646338663834666161626263623862
|
||||||
38363662613161626132383266323635613165363433623630653663396562366262376634326561
|
36383166623766623730333337313932363337356430373165666537346637316438313133656362
|
||||||
66643938306331663931386535613833613761313639363038616139343966656662646432663666
|
65303936363730356131316232346433376261656661353533613265343065356539343366383538
|
||||||
63393931373738373536323631353361303366343330306565393230396332373932303866333034
|
32366561663366656562356666303936336663353964623263336435653964626133383332373436
|
||||||
35396166633165396537373638333730303730613939386663653032626439363466623231303833
|
30346236633266613363626632636464366435383430323365383436626361336531353363313439
|
||||||
63656338656435383531613734643165613536353632393535646132303034663731396631303237
|
65663664623531363039303431303137623164633332616436353631633361383536616330363737
|
||||||
64376438373538373362353766303963396639333732373266343766363534623063313138616139
|
39656535666131333863363832353664326534646233346435623937646566623466646131383335
|
||||||
39313861616164613031643934313466633431316230656566306666303932343039383737313565
|
37643038306363336638393132666464393636623331306366636435633335333064383630393763
|
||||||
66356432336663636631666138636538323238303462376330663134616365323536386234666136
|
62346366613238366532343761323663633137393133306564386533643132323661323938643933
|
||||||
63343032383465616437303437303063626335363333656166393435343834646634313435653334
|
37316165346536393465613233666166633935666361376131613762383933363935353034653662
|
||||||
31366465386238393133366364376565656639656230343161613463393931373537383564353866
|
30393138633665366336373038326436353932613138396462383163376361356435376462333237
|
||||||
31313464663531353165646665356231646634383936643539323866376631666635306334616261
|
66363535616639356336323838653633323064643635373630653639613834386465363536306664
|
||||||
39383439366664386563386133356239333133306162316466343334356631616434623363643535
|
34303831366364346361643564616435396661373765323530396635376161316334356137656664
|
||||||
38663530623063373965666530386632323034623139303839323761376638313362316430373536
|
61333762366365633038653934653436613637636132353062373134316162336539653239613333
|
||||||
62363265366537656237633663663266653631653561303965616635363438613061306362336430
|
34383666643136373337303466346165363137306563643964303839626264323231343262303836
|
||||||
35303461633864353735613330643966396230623434323132383135623331353361633134663931
|
36643664633535326166313832666230656532353538363765316362336136323430636666356339
|
||||||
33333435306635313161613930656239346461623931356430306364383937353433626435633832
|
30656635343038646131663837313232316262393863613863393031386336663730613761393466
|
||||||
64613437313464323861356338643733386432656233663333343437353935353236346561366330
|
65343331346435393764343565326531653263336463346633653231643937323237383134626462
|
||||||
32396465333833343732653136616636663736623434363765336161383433356333313135313161
|
32383362633666303131376164353261353232393036353636626566633862383063356136333036
|
||||||
33373764393265376661613465626638353636653931323162363031666262653062626166363930
|
64346239363633393065633631343061343639323437303163343565646661366265643133386465
|
||||||
39613931356338393862356537343332633635366134343037633765616634316362386335663036
|
30616235653231623263353736636231356136653236366531316131323635333137643666373437
|
||||||
32666465323538356634346662383238326663333339623430376362306534363630613337626266
|
61336435613237306430343966383839663261386335616234363864353632653433393033656433
|
||||||
39326361383435623939663163373835626439643433393839383730666166666266356361633731
|
39613835326130383864373832663536383261363135303664383131636164316634383831363233
|
||||||
33336265613531303735613239316362633538386632343836613230326164366165616265313066
|
34386639616233373731306537633962383565336565343434663361343062326435343565666632
|
||||||
35333361303734343231633930346230343432336665383337343431303031383962383366343433
|
64303830326436613932333161333930656666306165316333386237633161366161303537383465
|
||||||
63363364333063313632663765633831323863626636643862323865356461366361343563383363
|
63326265626662376136636131323261643234656239316131383235636336303733386632633436
|
||||||
33363138646366333136326435376537356338633862623531393938373935353466376266333664
|
65636663626434303637616366626463346533616237306130666365366564333735383032346635
|
||||||
31633039336362363237376266346561313064393537613832663130653761636633313562316639
|
31623663363164316362343933663530663038616137633235656466366565306331343961343362
|
||||||
36633432613931663263343861396632356136366636336163343333323661666663346365626564
|
65333935653664323266356637616532393538653231383935643432363838343335656165633832
|
||||||
32613734313663656164333537653666313033643262336239623961313638306634343666303938
|
65626531316161646233626337626165656133643362626263363261326363306439353863353633
|
||||||
62636236353161336134323430336263643038623663353965656236623465326661633766363765
|
38323161383739336631373266303633363964663833643130643235366137383637663134623664
|
||||||
35653261663335313065383266383833393431333631653363363030363939323862653262316637
|
37363363306632646433376133383964643965623833373436663436393164666430363663363036
|
||||||
62343263623037643435656165623466326365363532353434643665336632383765313937666535
|
62346538353538356566623562666166383162666537656335346337643132303339326333363933
|
||||||
37663463303034363531386465383663393534393435633764646138313962373735393334326137
|
31396461346434623362353863303335623866316562316234386538343364343561333937326166
|
||||||
61653933316435363130333335323066386532626234626534396435383061333961363739333033
|
33613237386239613533653036613636666662616461613031623065323630333766653265666439
|
||||||
61656364313963303132623837666463633066653165316633373166373161343539393132316665
|
37653936303438333235366232343436346463643330373038646330306236643737386330663266
|
||||||
37646631643265333665643262666265653339616530336361333333633939373839323264613761
|
33323631303836363239663731623435666630626335663134393532306235343033663365613237
|
||||||
62643363356431306330313761623933623333383066333364663439646536333232386232623238
|
61643233356264306465623062303231643335643737366434306663393035613365616139646538
|
||||||
62356533636632396330353430653935613965383938643638353632643865323832623737646635
|
34613338346633326432353064336233343765633638626639643430333233353235616639626239
|
||||||
32636464343734653765396236653538343463373662653733326362363330643038663766383861
|
61663361643636653930666437633865386537383163643832326665316465616232636266366539
|
||||||
34316338343064393862353364613037393231343366633364393535343965623431
|
62653061396265393831396431626462663033383637363565313531343764383931663665613064
|
||||||
|
39383461353133306434323562393136313536623739353235346565376134306636613465633630
|
||||||
|
34633737633536353338663061373738336337633134636639663730366537343463373635653833
|
||||||
|
62393937393232316161366135353638666466373639613363653032666530633634306639333366
|
||||||
|
38386432636639386435306638383035353134373261663038616137336164396235356131323038
|
||||||
|
61333031316666353336343638623963616266643432613533616466353362353565363237636630
|
||||||
|
38343662623838666134356537353434383564616335363032663436333133613762383063353562
|
||||||
|
66646138383064636463623939643834396165633164333038373938636631306439356436373561
|
||||||
|
64663835393863353131343334633137346162373838353738323938313162396165393632316566
|
||||||
|
65326462613361643964386564376464353666386133616666623039366638383236653832393665
|
||||||
|
623466653930303838323161316265323031
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
---
|
||||||
loc_nginx:
|
loc_nginx:
|
||||||
servers: []
|
servers: []
|
||||||
|
|
||||||
|
|
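--- a/group_vars/routeur.yml
+++ b/group_vars/routeur.yml
@@ -0,0 +1,3 @@
+---
+rsyslog_high_density: true
+...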
|
@ -1,70 +0,0 @@
|
||||||
---
|
|
||||||
postgresql:
|
|
||||||
version: 13
|
|
||||||
|
|
||||||
postgresql_hosts:
|
|
||||||
- database: etherpad
|
|
||||||
user: etherpad
|
|
||||||
net: 10.128.0.150/32
|
|
||||||
method: md5
|
|
||||||
- database: codimd
|
|
||||||
user: codimd
|
|
||||||
net: 10.128.0.150/32
|
|
||||||
method: md5
|
|
||||||
- database: synapse
|
|
||||||
user: synapse
|
|
||||||
net: 10.128.0.56/32
|
|
||||||
method: md5
|
|
||||||
- database: kanboard
|
|
||||||
user: kanboard
|
|
||||||
net: 10.128.0.150/32
|
|
||||||
method: md5
|
|
||||||
- database: grafana
|
|
||||||
user: grafana
|
|
||||||
net: 10.128.0.150/32
|
|
||||||
method: md5
|
|
||||||
- database: cas
|
|
||||||
user: cas
|
|
||||||
net: 10.128.0.150/32
|
|
||||||
method: md5
|
|
||||||
|
|
||||||
postgresql_databases:
|
|
||||||
- synapse
|
|
||||||
- codimd
|
|
||||||
- etherpad
|
|
||||||
- kanboard
|
|
||||||
- grafana
|
|
||||||
- cas
|
|
||||||
|
|
||||||
postgresql_users:
|
|
||||||
- name: synapse
|
|
||||||
database: synapse
|
|
||||||
password: "{{ postgresql_synapse_passwd }}"
|
|
||||||
privs:
|
|
||||||
- ALL
|
|
||||||
- name: codimd
|
|
||||||
database: codimd
|
|
||||||
password: "{{ postgresql_codimd_passwd }}"
|
|
||||||
privs:
|
|
||||||
- ALL
|
|
||||||
- name: etherpad
|
|
||||||
database: etherpad
|
|
||||||
password: "{{ postgresql_etherpad_passwd }}"
|
|
||||||
privs:
|
|
||||||
- ALL
|
|
||||||
- name: kanboard
|
|
||||||
database: kanboard
|
|
||||||
password: "{{ postgresql_kanboard_passwd }}"
|
|
||||||
privs:
|
|
||||||
- ALL
|
|
||||||
- name: grafana
|
|
||||||
database: grafana
|
|
||||||
password: "{{ postgresql_grafana_passwd }}"
|
|
||||||
privs:
|
|
||||||
- ALL
|
|
||||||
- name: cas
|
|
||||||
database: cas
|
|
||||||
password: "{{ postgresql_cas_passwd }}"
|
|
||||||
privs:
|
|
||||||
- ALL
|
|
||||||
...
|
|
|
@ -1,50 +0,0 @@
|
||||||
---
|
|
||||||
postgresql:
|
|
||||||
version: 13
|
|
||||||
|
|
||||||
postgresql_hosts:
|
|
||||||
- database: nextcloud
|
|
||||||
user: nextcloud
|
|
||||||
net: 10.128.0.58/32
|
|
||||||
method: md5
|
|
||||||
- database: gitea
|
|
||||||
user: gitea
|
|
||||||
net: 10.128.0.60/32
|
|
||||||
method: md5
|
|
||||||
- database: wikijs
|
|
||||||
user: wikijs
|
|
||||||
net: 10.128.0.66/32
|
|
||||||
method: md5
|
|
||||||
- database: drone
|
|
||||||
user: drone
|
|
||||||
net: 10.128.0.64/32
|
|
||||||
method: md5
|
|
||||||
|
|
||||||
postgresql_databases:
|
|
||||||
- nextcloud
|
|
||||||
- gitea
|
|
||||||
- wikijs
|
|
||||||
- drone
|
|
||||||
|
|
||||||
postgresql_users:
|
|
||||||
- name: nextcloud
|
|
||||||
database: nextcloud
|
|
||||||
password: "{{ postgresql_nextcloud_passwd }}"
|
|
||||||
privs:
|
|
||||||
- ALL
|
|
||||||
- name: gitea
|
|
||||||
database: gitea
|
|
||||||
password: "{{ postgresql_gitea_passwd }}"
|
|
||||||
privs:
|
|
||||||
- ALL
|
|
||||||
- name: wikijs
|
|
||||||
database: wikijs
|
|
||||||
password: "{{ postgresql_wikijs_passwd }}"
|
|
||||||
privs:
|
|
||||||
- ALL
|
|
||||||
- name: drone
|
|
||||||
database: drone
|
|
||||||
password: "{{ postgresql_drone_passwd }}"
|
|
||||||
privs:
|
|
||||||
- ALL
|
|
||||||
...
|
|
|
@ -10,5 +10,7 @@ rsyslog_inputs:
|
||||||
port: 20514
|
port: 20514
|
||||||
- proto: udp
|
- proto: udp
|
||||||
port: 514
|
port: 514
|
||||||
|
- proto: tcp
|
||||||
|
port: 6514
|
||||||
rsyslog_outputs: []
|
rsyslog_outputs: []
|
||||||
...
|
...
|
||||||
|
|
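Review bot: The added `proto: tcp` / `port: 6514` entry in `rsyslog_inputs` opens a plain-TCP listener on the port registered for syslog over TLS (RFC 5425). Nothing in the hunk enables TLS for this input, so senders that expect TLS on 6514 would fail, and any that connect in plain TCP would ship logs unencrypted on a port that suggests otherwise. If the rsyslog role cannot express TLS for an input, a comment above the entry such as `# plain TCP on the syslog-TLS port; TLS not configured yet` would at least record the intent. The list starts above the hunk, so how the first input is declared is not visible.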
|
@ -41,9 +41,6 @@ loc_reverseproxy:
|
||||||
- from: intranet.auro.re
|
- from: intranet.auro.re
|
||||||
to: 10.128.0.20
|
to: 10.128.0.20
|
||||||
|
|
||||||
- from: bbb.auro.re
|
|
||||||
to: 10.128.0.54
|
|
||||||
|
|
||||||
- from: nextcloud.auro.re
|
- from: nextcloud.auro.re
|
||||||
to: "10.128.0.58:8080"
|
to: "10.128.0.58:8080"
|
||||||
|
|
||||||
|
@ -64,3 +61,12 @@ loc_reverseproxy:
|
||||||
|
|
||||||
- from: wikijs.auro.re
|
- from: wikijs.auro.re
|
||||||
to: "10.128.0.66:3000"
|
to: "10.128.0.66:3000"
|
||||||
|
|
||||||
|
- from: wiki.auro.re
|
||||||
|
to: "10.128.0.66:3000"
|
||||||
|
|
||||||
|
- from: netbox.auro.re
|
||||||
|
to: 10.128.0.97
|
||||||
|
|
||||||
|
- from: grafana.auro.re
|
||||||
|
to: "10.128.0.98:3000"
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
postgresql_databases: true
|
|
67
hosts
67
hosts
|
@ -8,10 +8,11 @@
|
||||||
###############################################################################
|
###############################################################################
|
||||||
# Aurore : main services
|
# Aurore : main services
|
||||||
|
|
||||||
viviane.adm.auro.re
|
|
||||||
|
|
||||||
[aurore_pve]
|
[aurore_pve]
|
||||||
merlin.adm.auro.re
|
escalope.adm.auro.re
|
||||||
|
services-1.pve.auro.re
|
||||||
|
services-2.pve.auro.re
|
||||||
|
services-3.pve.auro.re
|
||||||
|
|
||||||
[aurore_vm]
|
[aurore_vm]
|
||||||
routeur-aurore.adm.auro.re
|
routeur-aurore.adm.auro.re
|
||||||
|
@ -25,7 +26,7 @@ camelot.adm.auro.re
|
||||||
gitea.adm.auro.re
|
gitea.adm.auro.re
|
||||||
drone.adm.auro.re
|
drone.adm.auro.re
|
||||||
nextcloud.adm.auro.re
|
nextcloud.adm.auro.re
|
||||||
stream.adm.auro.re
|
galene.adm.auro.re
|
||||||
re2o-server.adm.auro.re
|
re2o-server.adm.auro.re
|
||||||
re2o-ldap.adm.auro.re
|
re2o-ldap.adm.auro.re
|
||||||
re2o-db.adm.auro.re
|
re2o-db.adm.auro.re
|
||||||
|
@ -39,9 +40,10 @@ bdd.adm.auro.re
|
||||||
bdd-ovh.adm.auro.re
|
bdd-ovh.adm.auro.re
|
||||||
litl.adm.auro.re
|
litl.adm.auro.re
|
||||||
log.adm.auro.re
|
log.adm.auro.re
|
||||||
|
netbox.adm.auro.re
|
||||||
|
grafana.adm.auro.re
|
||||||
|
|
||||||
[aurore_testing_vm]
|
[aurore_testing_vm]
|
||||||
pendragon.adm.auro.re
|
|
||||||
|
|
||||||
###############################################################################
|
###############################################################################
|
||||||
# OVH
|
# OVH
|
||||||
|
@ -51,11 +53,8 @@ horus.adm.auro.re
|
||||||
|
|
||||||
[ovh_container]
|
[ovh_container]
|
||||||
synapse.adm.auro.re
|
synapse.adm.auro.re
|
||||||
phabricator.adm.auro.re
|
|
||||||
wiki.adm.auro.re
|
|
||||||
www.adm.auro.re
|
www.adm.auro.re
|
||||||
proxy-ovh.adm.auro.re
|
proxy-ovh.adm.auro.re
|
||||||
matrix-services.adm.auro.re
|
|
||||||
|
|
||||||
[ovh_vm]
|
[ovh_vm]
|
||||||
serge.adm.auro.re
|
serge.adm.auro.re
|
||||||
|
@ -73,8 +72,10 @@ prometheus-federate.adm.auro.re
|
||||||
###############################################################################
|
###############################################################################
|
||||||
# Les Jardins de Fleming
|
# Les Jardins de Fleming
|
||||||
|
|
||||||
|
[fleming_server]
|
||||||
|
perceval.adm.auro.re
|
||||||
|
|
||||||
[fleming_pve]
|
[fleming_pve]
|
||||||
freya.adm.auro.re
|
|
||||||
marki.adm.auro.re
|
marki.adm.auro.re
|
||||||
|
|
||||||
[fleming_vm]
|
[fleming_vm]
|
||||||
|
@ -244,7 +245,7 @@ ps-4-3.borne.auro.re
|
||||||
# Emilie du Chatelet
|
# Emilie du Chatelet
|
||||||
|
|
||||||
[edc_server]
|
[edc_server]
|
||||||
perceval.adm.auro.re
|
caradoc.adm.auro.re
|
||||||
|
|
||||||
[edc_pve]
|
[edc_pve]
|
||||||
chapalux.adm.auro.re
|
chapalux.adm.auro.re
|
||||||
|
@ -267,7 +268,6 @@ ee-2-1.borne.auro.re
|
||||||
ee-2-2.borne.auro.re
|
ee-2-2.borne.auro.re
|
||||||
eo-0-1.borne.auro.re
|
eo-0-1.borne.auro.re
|
||||||
eo-2-1.borne.auro.re
|
eo-2-1.borne.auro.re
|
||||||
eo-2-2.borne.auro.re
|
|
||||||
ep-0-1.borne.auro.re
|
ep-0-1.borne.auro.re
|
||||||
ep-1-1.borne.auro.re
|
ep-1-1.borne.auro.re
|
||||||
ep-1-2.borne.auro.re
|
ep-1-2.borne.auro.re
|
||||||
|
@ -348,7 +348,6 @@ gh-1-2.borne.auro.re
|
||||||
###############################################################################
|
###############################################################################
|
||||||
# Les Rives
|
# Les Rives
|
||||||
[rives_pve]
|
[rives_pve]
|
||||||
thor.adm.auro.re
|
|
||||||
loki.adm.auro.re
|
loki.adm.auro.re
|
||||||
|
|
||||||
[rives_vm]
|
[rives_vm]
|
||||||
|
@ -439,6 +438,7 @@ ovh_vm
|
||||||
|
|
||||||
# everything at fleming
|
# everything at fleming
|
||||||
[fleming:children]
|
[fleming:children]
|
||||||
|
fleming_server
|
||||||
fleming_pve
|
fleming_pve
|
||||||
fleming_vm
|
fleming_vm
|
||||||
fleming_unifi
|
fleming_unifi
|
||||||
|
@ -451,6 +451,7 @@ pacaterie_unifi
|
||||||
|
|
||||||
# everything at edc
|
# everything at edc
|
||||||
[edc:children]
|
[edc:children]
|
||||||
|
edc_server
|
||||||
edc_pve
|
edc_pve
|
||||||
edc_vm
|
edc_vm
|
||||||
edc_unifi
|
edc_unifi
|
||||||
|
@ -483,6 +484,11 @@ edc_vm
|
||||||
gs_vm
|
gs_vm
|
||||||
rives_vm
|
rives_vm
|
||||||
|
|
||||||
|
# every server
|
||||||
|
[server:children]
|
||||||
|
fleming_server
|
||||||
|
edc_server
|
||||||
|
|
||||||
# every PVE
|
# every PVE
|
||||||
[pve:children]
|
[pve:children]
|
||||||
ovh_pve
|
ovh_pve
|
||||||
|
@ -503,6 +509,20 @@ pacaterie_unifi
|
||||||
###############################################################################
|
###############################################################################
|
||||||
# Groups by service
|
# Groups by service
|
||||||
|
|
||||||
|
[routeur]
|
||||||
|
routeur-fleming.adm.auro.re
|
||||||
|
routeur-fleming-backup.adm.auro.re
|
||||||
|
routeur-pacaterie.adm.auro.re
|
||||||
|
routeur-pacaterie-backup.adm.auro.re
|
||||||
|
routeur-edc.adm.auro.re
|
||||||
|
routeur-edc-backup.adm.auro.re
|
||||||
|
routeur-gs.adm.auro.re
|
||||||
|
routeur-gs-backup.adm.auro.re
|
||||||
|
routeur-rives.adm.auro.re
|
||||||
|
routeur-rives-backup.adm.auro.re
|
||||||
|
routeur-aurore.adm.auro.re
|
||||||
|
routeur-aurore-backup.adm.auro.re
|
||||||
|
|
||||||
[ldap_replica:children]
|
[ldap_replica:children]
|
||||||
ldap_replica_fleming
|
ldap_replica_fleming
|
||||||
ldap_replica_pacaterie
|
ldap_replica_pacaterie
|
||||||
|
@ -549,3 +569,26 @@ proxy.adm.auro.re
|
||||||
bdd.adm.auro.re
|
bdd.adm.auro.re
|
||||||
bdd-ovh.adm.auro.re
|
bdd-ovh.adm.auro.re
|
||||||
re2o-db.adm.auro.re
|
re2o-db.adm.auro.re
|
||||||
|
|
||||||
|
[radius]
|
||||||
|
radius-aurore.adm.auro.re
|
||||||
|
radius-fleming.adm.auro.re
|
||||||
|
radius-fleming-backup.adm.auro.re
|
||||||
|
radius-edc.adm.auro.re
|
||||||
|
radius-edc-backup.adm.auro.re
|
||||||
|
radius-gs.adm.auro.re
|
||||||
|
radius-gs-backup.adm.auro.re
|
||||||
|
radius-pacaterie.adm.auro.re
|
||||||
|
radius-pacaterie-backup.adm.auro.re
|
||||||
|
radius-rives.adm.auro.re
|
||||||
|
radius-rives-backup.adm.auro.re
|
||||||
|
|
||||||
|
[prometheus]
|
||||||
|
prometheus-ovh.adm.auro.re
|
||||||
|
prometheus-aurore.adm.auro.re
|
||||||
|
prometheus-rives.adm.auro.re
|
||||||
|
prometheus-gs.adm.auro.re
|
||||||
|
prometheus-edc.adm.auro.re
|
||||||
|
prometheus-pacaterie.adm.auro.re
|
||||||
|
prometheus-fleming.adm.auro.re
|
||||||
|
prometheus-federate.adm.auro.re
|
||||||
|
|
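Review bot: Removing `pendragon.adm.auro.re` in the `@ -39,9 +40,10 @@` hunk leaves `[aurore_testing_vm]` as an empty group with nothing to say why it is kept. An empty group is valid, and deleting the header could break a `:children` group that lists it elsewhere in the file (not visible in these hunks), so a one-line comment under the header such as `# no testing VM at the moment` is the safer fix. The new `[routeur]`, `[radius]` and `[prometheus]` groups would also read better with a heading comment like the `# every server` line added above `[server:children]`.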
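--- a/network.yml
+++ b/network.yml
@@ -1,65 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-# Set up DHCP servers.
-- hosts: dhcp-*.adm.auro.re
-roles:
-- isc_dhcp_server
-
-
-# Deploy unbound DNS server (recursive).
-- hosts: dns-*.adm.auro.re,!dns-aurore*.adm.auro.re
-roles:
-- unbound
-
-
-# Déploiement du service re2o aurore-firewall et keepalived
-# radvd: IPv6 SLAAC (/64 subnets, private IPs).
-# Must NOT be on routeur-aurore-*, or will with DHCPv6!
-- hosts: ~routeur-(pacaterie|edc|fleming|gs|rives).*\.adm\.auro\.re
-roles:
-- router
-- radvd
-
-# No radvd here
-- hosts: ~routeur-aurore.*\.adm\.auro\.re
-roles:
-- router
-- ipv6_edge_router
-
-# Radius (backup only for now)
-- hosts: radius-*.adm.auro.re
-roles:
-- radius
-
-
-# WIP: Deploy authoritative DNS servers
-# - hosts: authoritative_dns
-# vars:
-# service_repo: https://gitlab.crans.org/nounous/re2o-dns.git
-# service_name: dns
-# service_version: crans
-# service_config:
-# hostname: re2o-server.adm.auro.re
-# username: service-user
-# password: "{{ vault_serviceuser_passwd }}"
-# roles:
-# - re2o_service
-
-
-# Deploy Unifi Controller
-# - hosts: unifi-fleming.adm.auro.re,unifi-pacaterie.adm.auro.re
-# roles:
-# - unifi-controller
-
-# Deploy Re2o switch service
-# - hosts: switchs-manager.adm.auro.re
-# vars:
-# service_repo: https://gitlab.federez.net/re2o/switchs.git
-# service_name: switchs
-# service_version: master
-# service_config:
-# hostname: re2o-server.adm.auro.re
-# username: service-user
-# password: "{{ vault_serviceuser_passwd }}"
-# roles:
-# - re2o_service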
|
@ -5,13 +5,6 @@
|
||||||
roles:
|
roles:
|
||||||
- baseconfig
|
- baseconfig
|
||||||
- basesecurity
|
- basesecurity
|
||||||
|
|
||||||
# Plug LDAP on all servers
|
|
||||||
- hosts: all,!unifi
|
|
||||||
roles:
|
|
||||||
- ldap_client
|
- ldap_client
|
||||||
|
|
||||||
# Install logrotate
|
|
||||||
- hosts: all,!unifi,!pve
|
|
||||||
roles:
|
|
||||||
- logrotate
|
- logrotate
|
||||||
|
- update_motd
|
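Review bot: Folding `ldap_client` and `logrotate` into the first play drops the host filters that the removed plays carried: `ldap_client` ran on `all,!unifi` and `logrotate` on `all,!unifi,!pve`. Both roles now follow the first play's `hosts:` line, which sits above the hunk, so it is worth confirming that it still excludes `unifi` (and `pve` for logrotate). Otherwise LDAP authentication gets configured on hosts that were deliberately left out before. If the exclusions are still wanted, keep a separate play for them, e.g. `- hosts: all,!unifi` with `roles: [ldap_client]`.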
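--- a/playbooks/borgbackup.yml
+++ b/playbooks/borgbackup.yml
@@ -0,0 +1,32 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: perceval.adm.auro.re
+vars:
+update_motd:
+borgbackup_server: >-
+Les sauvegardes (borg) sont stockées dans
+{{ borg_server_backups_dir }}.
+roles:
+- borgbackup_server
+- update_motd
+
+- hosts: all,!unifi,!unifi-*,!bdd
+vars:
+update_motd:
+borgbackup_client: >-
+BorgBackup est déployé (/etc/borgmatic/config.yaml)
+roles:
+- borgbackup_client
+- update_motd
+
+# On databases server, also backup databases
+- hosts: bdd
+vars:
+borg_postgresql_databases: true
+update_motd:
+borgbackup_client: >-
+BorgBackup est déployé (/etc/borgmatic/config.yaml)
+roles:
+- borgbackup_client
+- update_motd
+...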
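Review bot: The second and third plays are copies of each other except for `borg_postgresql_databases: true`, and they stay correct only while `!bdd` in the second `hosts:` pattern and `hosts: bdd` in the third are kept in sync. Setting `borg_postgresql_databases: true` in the group variables for `bdd` would let a single play on `all,!unifi,!unifi-*` cover both cases. The first play pins the backup server to `perceval.adm.auro.re`; an inventory group for the backup server would avoid editing the playbook when that role moves. The client pattern `all` also matches perceval itself, so the server presumably backs up into its own repository, which deserves a comment if it is intended.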
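--- a/playbooks/docker.yml
+++ b/playbooks/docker.yml
@@ -0,0 +1,10 @@
+#!/usr/bin/env ansible-playbook
+---
+# Deploy Docker hosts
+- hosts: docker-ovh.adm.auro.re,gitea.adm.auro.re,drone.adm.auro.re,wikijs.adm.auro.re
+vars:
+update_motd:
+docker: Docker est déployé.
+roles:
+- docker
+- update_motd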
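--- a/playbooks/grafana.yml
+++ b/playbooks/grafana.yml
@@ -0,0 +1,27 @@
+#!/usr/bin/env ansible-playbook
+---
+# Deploy Grafana
+- hosts: grafana.adm.auro.re
+vars:
+grafana:
+root_url: https://grafana.auro.re
+database:
+type: postgres
+host: 10.128.0.95
+name: grafana
+user: grafana
+password: "{{ vault_postgresql_grafana_passwd }}"
+ldap:
+host: "re2o-ldap.adm.auro.re ldap-replica-ovh.adm.auro.re 10.128.0.21 10.128.0.149"
+bind_dn: cn=grafana,ou=service-users,dc=auro,dc=re
+bind_password: "{{ vault_ldap_grafana_password }}"
+search_base_dns: "cn=Utilisateurs,dc=auro,dc=re"
+group_search_base_dns: "ou=posix,ou=groups,dc=auro,dc=re"
+editors_group_dn:
+- cn=sudoldap,ou=posix,ou=groups,dc=auro,dc=re
+- cn=technicien,ou=posix,ou=groups,dc=auro,dc=re
+update_motd:
+grafana: Grafana est déployé (/etc/grafana).
+roles:
+- grafana
+- update_motd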
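Review bot: The `ldap` block gives the bind DN, bind password and search bases but no transport setting, so unless the `grafana` role's template hard-codes one, the service-account bind and every user login would reach the LDAP servers in cleartext. Grafana's LDAP configuration supports `use_ssl` and `start_tls`; exposing one of them in this block and enabling it would make the choice explicit and reviewable. The `host` list mixes names with bare IPs (`10.128.0.21`, `10.128.0.149`), which would not match a certificate issued for the host names once verification is on. The same question applies to the PostgreSQL connection to `10.128.0.95`, where no `ssl_mode` is visible.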
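--- a/playbooks/isc-dhcp-server.yml
+++ b/playbooks/isc-dhcp-server.yml
@@ -0,0 +1,9 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: dhcp-*.adm.auro.re
+vars:
+update_motd:
+unbound: isc-dhcp-server est déployé.
+roles:
+- isc_dhcp_server
+- update_motd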
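Review bot: The `update_motd` entry is keyed `unbound:` although both the message and the role are for isc-dhcp-server, which looks like a copy-paste from the unbound playbook. Depending on how the `update_motd` role names its fragments (not visible here), a host that runs both playbooks could have one entry overwrite the other, leaving the MOTD wrong about what is deployed. Key the entry after the service instead: `isc-dhcp-server: isc-dhcp-server est déployé.`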
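--- a/playbooks/knot.yml
+++ b/playbooks/knot.yml
@@ -0,0 +1,17 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: all
+roles: []
+
+# WIP: Deploy authoritative DNS servers
+# - hosts: authoritative_dns
+# vars:
+# service_repo: https://gitlab.crans.org/nounous/re2o-dns.git
+# service_name: dns
+# service_version: crans
+# service_config:
+# hostname: re2o-server.adm.auro.re
+# username: service-user
+# password: "{{ vault_serviceuser_passwd }}"
+# roles:
+# - re2o_service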
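Review bot: `- hosts: all` with `roles: []` is a play that applies nothing, yet by default it still connects to every host in the inventory and gathers facts each time the playbook is run. If the play exists only to keep the file a valid playbook while the real content is commented out, add `gather_facts: false` and a comment saying so, or narrow `hosts:` to the future `authoritative_dns` group. The same placeholder play is added to the LDAP replica playbook in the `@ -1,7 +1,10 @@` hunk that follows.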
|
@ -1,7 +1,10 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
#!/usr/bin/env ansible-playbook
|
||||||
---
|
---
|
||||||
|
- hosts: all
|
||||||
|
roles: []
|
||||||
|
|
||||||
# Clone LDAP on local geographic location
|
# Clone LDAP on local geographic location
|
||||||
# DON'T DO THIS AS IT RECREATES THE REPLICA
|
# DON'T DO THIS AS IT RECREATES THE REPLICA
|
||||||
- hosts: ldap_replica
|
# - hosts: ldap_replica
|
||||||
roles:
|
# roles:
|
||||||
- ldap_replica
|
# - ldap_replica
|
|
@ -1,18 +1,18 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
#!/usr/bin/env ansible-playbook
|
||||||
---
|
---
|
||||||
# Install Matrix Synapse on corresponding containers
|
# Install Matrix Synapse
|
||||||
- hosts: synapse.adm.auro.re
|
- hosts: synapse.adm.auro.re
|
||||||
vars:
|
vars:
|
||||||
mxisd_releases: https://github.com/kamax-matrix/mxisd/releases
|
mxisd_releases: https://github.com/kamax-matrix/mxisd/releases
|
||||||
mxisd_deb: "{{ mxisd_releases }}/download/v1.3.1/mxisd_1.3.1_all.deb"
|
mxisd_deb: "{{ mxisd_releases }}/download/v1.3.1/mxisd_1.3.1_all.deb"
|
||||||
|
update_motd:
|
||||||
|
matrix-synapse: matrix-synapse est déployé.
|
||||||
|
matrix-appservice-irc: matrix-appservice-irc est déployé.
|
||||||
|
matrix-appservice-webhooks: matrix-appservice-webhooks est déployé.
|
||||||
roles:
|
roles:
|
||||||
- debian_backports
|
- debian_backports
|
||||||
- nodejs
|
- nodejs
|
||||||
- matrix_synapse
|
- matrix_synapse
|
||||||
- matrix_appservice_irc
|
- matrix_appservice_irc
|
||||||
- matrix_appservice_webhooks
|
- matrix_appservice_webhooks
|
||||||
|
- update_motd
|
||||||
# Install Matrix services
|
|
||||||
- hosts: matrix-services.adm.auro.re
|
|
||||||
roles:
|
|
||||||
- debian_backports
|
|
|
@ -1,28 +1,26 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
#!/usr/bin/env ansible-playbook
|
||||||
---
|
---
|
||||||
# Deploy Docker hosts
|
|
||||||
- hosts: docker-ovh.adm.auro.re,gitea.adm.auro.re,drone.adm.auro.re,stream.adm.auro.re,wikijs.adm.auro.re
|
|
||||||
roles:
|
|
||||||
- docker
|
|
||||||
|
|
||||||
# Deploy Passbolt
|
|
||||||
- hosts: passbolt.adm.auro.re
|
|
||||||
roles:
|
|
||||||
- passbolt
|
|
||||||
|
|
||||||
- hosts: reverseproxy
|
- hosts: reverseproxy
|
||||||
vars:
|
vars:
|
||||||
certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
|
certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
|
||||||
nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
|
nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
|
||||||
reverseproxy: '{{ glob_reverseproxy | default({}) | combine(loc_reverseproxy | default({})) }}'
|
reverseproxy: '{{ glob_reverseproxy | default({}) | combine(loc_reverseproxy | default({})) }}'
|
||||||
|
update_motd:
|
||||||
|
nginx: >-
|
||||||
|
Le reverse-proxy NGINX est déployé (/etc/nginx).
|
||||||
roles:
|
roles:
|
||||||
- certbot
|
- certbot
|
||||||
- nginx
|
- nginx
|
||||||
|
- update_motd
|
||||||
|
|
||||||
- hosts: nginx,!reverseproxy
|
- hosts: nginx,!reverseproxy
|
||||||
vars:
|
vars:
|
||||||
certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
|
certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
|
||||||
nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
|
nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
|
||||||
|
update_motd:
|
||||||
|
nginx: >-
|
||||||
|
NGINX avec certbot est déployé (/etc/nginx).
|
||||||
roles:
|
roles:
|
||||||
- certbot
|
- certbot
|
||||||
- nginx
|
- nginx
|
||||||
|
- update_motd
|
|
@ -1,4 +1,13 @@
|
||||||
|
#!/usr/bin/env ansible-playbook
|
||||||
---
|
---
|
||||||
|
# Deploy Postfix on non mailhost servers
|
||||||
|
- hosts: all,!unifi
|
||||||
|
vars:
|
||||||
|
local_network: 10.128.0.0/16
|
||||||
|
relay_host: proxy.adm.auro.re
|
||||||
|
roles:
|
||||||
|
- postfix_non_mailhost
|
||||||
|
|
||||||
# Deploy Re2o mail service
|
# Deploy Re2o mail service
|
||||||
- hosts: mail.auro.re
|
- hosts: mail.auro.re
|
||||||
vars:
|
vars:
|
||||||
|
@ -10,4 +19,4 @@
|
||||||
username: service-user
|
username: service-user
|
||||||
password: "{{ vault_serviceuser_passwd }}"
|
password: "{{ vault_serviceuser_passwd }}"
|
||||||
roles:
|
roles:
|
||||||
- re2o-service
|
- re2o_service
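Review bot: The host pattern `all,!unifi` of the new Postfix play does not exclude `mail.auro.re`, although its comment says it is for non-mailhost servers and the next play targets that host. If `mail.auro.re` is in the inventory, `postfix_non_mailhost` with `relay_host: proxy.adm.auro.re` would also be applied to the mail server, unless the role guards against that (not visible here). Consider `- hosts: all,!unifi,!mail.auro.re`. The second play's body lies partly outside the hunks.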
|
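--- a/playbooks/postgresql.yml
+++ b/playbooks/postgresql.yml
@@ -0,0 +1,140 @@
+#!/usr/bin/env ansible-playbook
+---
+# Install and configure database servers at Saclay
+- hosts: bdd.adm.auro.re
+vars:
+postgresql:
+version: 13
+hosts:
+- database: nextcloud
+user: nextcloud
+net: 10.128.0.58/32
+method: md5
+- database: gitea
+user: gitea
+net: 10.128.0.60/32
+method: md5
+- database: wikijs
+user: wikijs
+net: 10.128.0.66/32
+method: md5
+- database: drone
+user: drone
+net: 10.128.0.64/32
+method: md5
+- database: netbox
+user: netbox
+net: 10.128.0.97/32
+method: md5
+- database: grafana
+user: grafana
+net: 10.128.0.98/32
+method: md5
+databases:
+- nextcloud
+- gitea
+- wikijs
+- drone
+- netbox
+- grafana
+users:
+- name: nextcloud
+database: nextcloud
+password: "{{ vault_postgresql_nextcloud_passwd }}"
+privs:
+- ALL
+- name: gitea
+database: gitea
+password: "{{ vault_postgresql_gitea_passwd }}"
+privs:
+- ALL
+- name: wikijs
+database: wikijs
+password: "{{ vault_postgresql_wikijs_passwd }}"
+privs:
+- ALL
+- name: drone
+database: drone
+password: "{{ vault_postgresql_drone_passwd }}"
+privs:
+- ALL
+- name: netbox
+database: netbox
+password: "{{ vault_postgresql_netbox_passwd }}"
+privs:
+- ALL
+- name: grafana
+database: grafana
+password: "{{ vault_postgresql_grafana_passwd }}"
+privs:
+- ALL
+update_motd:
+postgresql: PostgreSQL est déployé.
+roles:
+- postgresql
+- update_motd
+
+# Install and configure database servers at OVH
+- hosts: bdd-ovh.adm.auro.re
+vars:
+postgresql:
+version: 13
+hosts:
+- database: etherpad
+user: etherpad
+net: 10.128.0.150/32
+method: md5
+- database: codimd
+user: codimd
+net: 10.128.0.150/32
+method: md5
+- database: synapse
+user: synapse
+net: 10.128.0.56/32
+method: md5
+- database: kanboard
+user: kanboard
+net: 10.128.0.150/32
+method: md5
+- database: cas
+user: cas
+net: 10.128.0.150/32
+method: md5
+databases:
+- synapse
+- codimd
+- etherpad
+- kanboard
+- cas
+users:
+- name: synapse
+database: synapse
+password: "{{ vault_postgresql_synapse_passwd }}"
+privs:
+- ALL
+- name: codimd
+database: codimd
+password: "{{ vault_postgresql_codimd_passwd }}"
+privs:
+- ALL
+- name: etherpad
+database: etherpad
+password: "{{ vault_postgresql_etherpad_passwd }}"
+privs:
+- ALL
+- name: kanboard
+database: kanboard
+password: "{{ vault_postgresql_kanboard_passwd }}"
+privs:
+- ALL
+- name: cas
+database: cas
+password: "{{ vault_postgresql_cas_passwd }}"
+privs:
+- ALL
+update_motd:
+postgresql: PostgreSQL est déployé.
+roles:
+- postgresql
+- update_motd
+...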
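Review bot: Every `hosts` entry for both database servers uses `method: md5`, although `version: 13` supports SCRAM authentication; with md5 the stored hash is password-equivalent and the hashing itself is weak. I would change each entry to `method: scram-sha-256`. That also needs `password_encryption` set to `scram-sha-256` and the role passwords set again, and whether the `postgresql` role exposes that setting is not visible on this page. Separately, a short comment on why every user is given `privs: ALL` would help the next reviewer.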
|
@ -5,6 +5,8 @@
|
||||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
||||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
||||||
snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
||||||
|
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
||||||
|
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
||||||
|
|
||||||
# Prometheus targets.json
|
# Prometheus targets.json
|
||||||
prometheus_targets:
|
prometheus_targets:
|
||||||
|
@ -12,14 +14,20 @@
|
||||||
{{ groups['fleming_pve'] + groups['fleming_vm'] | list | sort }}
|
{{ groups['fleming_pve'] + groups['fleming_vm'] | list | sort }}
|
||||||
prometheus_unifi_snmp_targets:
|
prometheus_unifi_snmp_targets:
|
||||||
- targets: "{{ groups['fleming_unifi'] | list | sort }}"
|
- targets: "{{ groups['fleming_unifi'] | list | sort }}"
|
||||||
|
update_motd:
|
||||||
|
prometheus: >-
|
||||||
|
Prometheus (en configuration fleming) est déployé (/etc/prometheus).
|
||||||
roles:
|
roles:
|
||||||
- prometheus
|
- prometheus
|
||||||
|
- update_motd
|
||||||
|
|
||||||
- hosts: prometheus-pacaterie.adm.auro.re
|
- hosts: prometheus-pacaterie.adm.auro.re
|
||||||
vars:
|
vars:
|
||||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
||||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
||||||
snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
||||||
|
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
||||||
|
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
||||||
|
|
||||||
# Prometheus targets.json
|
# Prometheus targets.json
|
||||||
prometheus_targets:
|
prometheus_targets:
|
||||||
|
@ -30,14 +38,20 @@
|
||||||
prometheus_ups_snmp_targets:
|
prometheus_ups_snmp_targets:
|
||||||
- ups-pn-1.ups.auro.re
|
- ups-pn-1.ups.auro.re
|
||||||
- ups-ps-1.ups.auro.re
|
- ups-ps-1.ups.auro.re
|
||||||
|
update_motd:
|
||||||
|
prometheus: >-
|
||||||
|
Prometheus (en configuration pacaterie) est déployé (/etc/prometheus).
|
||||||
roles:
|
roles:
|
||||||
- prometheus
|
- prometheus
|
||||||
|
- update_motd
|
||||||
|
|
||||||
- hosts: prometheus-edc.adm.auro.re
|
- hosts: prometheus-edc.adm.auro.re
|
||||||
vars:
|
vars:
|
||||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
||||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
||||||
snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
||||||
|
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
||||||
|
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
||||||
|
|
||||||
# Prometheus targets.json
|
# Prometheus targets.json
|
||||||
prometheus_ups_snmp_targets:
|
prometheus_ups_snmp_targets:
|
||||||
|
@ -50,14 +64,20 @@
|
||||||
{{ groups['edc_pve'] + groups['edc_vm'] + groups['edc_server'] | list | sort }}
|
{{ groups['edc_pve'] + groups['edc_vm'] + groups['edc_server'] | list | sort }}
|
||||||
prometheus_unifi_snmp_targets:
|
prometheus_unifi_snmp_targets:
|
||||||
- targets: "{{ groups['edc_unifi'] | list | sort }}"
|
- targets: "{{ groups['edc_unifi'] | list | sort }}"
|
||||||
|
update_motd:
|
||||||
|
prometheus: >-
|
||||||
|
Prometheus (en configuration edc) est déployé (/etc/prometheus).
|
||||||
roles:
|
roles:
|
||||||
- prometheus
|
- prometheus
|
||||||
|
- update_motd
|
||||||
|
|
||||||
- hosts: prometheus-gs.adm.auro.re
|
- hosts: prometheus-gs.adm.auro.re
|
||||||
vars:
|
vars:
|
||||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
||||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
||||||
snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
||||||
|
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
||||||
|
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
||||||
|
|
||||||
# Prometheus targets.json
|
# Prometheus targets.json
|
||||||
prometheus_targets:
|
prometheus_targets:
|
||||||
|
@ -67,14 +87,22 @@
|
||||||
- targets: "{{ groups['gs_unifi'] | list | sort }}"
|
- targets: "{{ groups['gs_unifi'] | list | sort }}"
|
||||||
prometheus_ups_snmp_targets:
|
prometheus_ups_snmp_targets:
|
||||||
- ups-gk-1.ups.auro.re
|
- ups-gk-1.ups.auro.re
|
||||||
|
prometheus_pdu_snmp_targets:
|
||||||
|
- pdu-ga-1.ups.auro.re
|
||||||
|
update_motd:
|
||||||
|
prometheus: >-
|
||||||
|
Prometheus (en configuration gs) est déployé (/etc/prometheus).
|
||||||
roles:
|
roles:
|
||||||
- prometheus
|
- prometheus
|
||||||
|
- update_motd
|
||||||
|
|
||||||
- hosts: prometheus-rives.adm.auro.re
|
- hosts: prometheus-rives.adm.auro.re
|
||||||
vars:
|
vars:
|
||||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
||||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
||||||
snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
||||||
|
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
||||||
|
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
||||||
|
|
||||||
# Prometheus targets.json
|
# Prometheus targets.json
|
||||||
prometheus_ups_snmp_targets:
|
prometheus_ups_snmp_targets:
|
||||||
|
@ -86,19 +114,28 @@
|
||||||
{{ groups['rives_pve'] + groups['rives_vm'] | list | sort }}
|
{{ groups['rives_pve'] + groups['rives_vm'] | list | sort }}
|
||||||
prometheus_unifi_snmp_targets:
|
prometheus_unifi_snmp_targets:
|
||||||
- targets: "{{ groups['rives_unifi'] | list | sort }}"
|
- targets: "{{ groups['rives_unifi'] | list | sort }}"
|
||||||
|
update_motd:
|
||||||
|
prometheus: >-
|
||||||
|
Prometheus (en configuration rives) est déployé (/etc/prometheus).
|
||||||
roles:
|
roles:
|
||||||
- prometheus
|
- prometheus
|
||||||
|
- update_motd
|
||||||
|
|
||||||
- hosts: prometheus-aurore.adm.auro.re
|
- hosts: prometheus-aurore.adm.auro.re
|
||||||
vars:
|
vars:
|
||||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
||||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
||||||
snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
||||||
|
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
||||||
|
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
||||||
|
|
||||||
# Prometheus targets.json
|
# Prometheus targets.json
|
||||||
prometheus_targets:
|
prometheus_targets:
|
||||||
- targets: |
|
- targets: |
|
||||||
{{ groups['aurore_pve'] + groups['aurore_vm'] | list | sort }}
|
{{ groups['aurore_pve'] + groups['aurore_vm'] | list | sort }}
|
||||||
|
prometheus_postgres_targets:
|
||||||
|
- targets: |
|
||||||
|
{{ groups['bdd'] + groups['radius'] | list | sort }}
|
||||||
prometheus_switch_snmp_targets:
|
prometheus_switch_snmp_targets:
|
||||||
- targets:
|
- targets:
|
||||||
- yggdrasil.switch.auro.re
|
- yggdrasil.switch.auro.re
|
||||||
|
@ -115,29 +152,43 @@
|
||||||
- sw-ec-core.switch.auro.re
|
- sw-ec-core.switch.auro.re
|
||||||
- sw-gk-core.switch.auro.re
|
- sw-gk-core.switch.auro.re
|
||||||
- sw-r3-core.switch.auro.re
|
- sw-r3-core.switch.auro.re
|
||||||
|
update_motd:
|
||||||
|
prometheus: >-
|
||||||
|
Prometheus (en configuration aurore) est déployé (/etc/prometheus).
|
||||||
roles:
|
roles:
|
||||||
- prometheus
|
- prometheus
|
||||||
|
- update_motd
|
||||||
|
|
||||||
- hosts: prometheus-ovh.adm.auro.re
|
- hosts: prometheus-ovh.adm.auro.re
|
||||||
vars:
|
vars:
|
||||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
||||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
||||||
snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
snmp_switch_community: "{{ vault_snmp_switch_community }}"
|
||||||
|
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
||||||
|
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
||||||
|
|
||||||
# Prometheus targets.json
|
# Prometheus targets.json
|
||||||
prometheus_targets:
|
prometheus_targets:
|
||||||
- targets: |
|
- targets: |
|
||||||
{{ groups['ovh_pve'] + groups['ovh_vm'] | list | sort }}
|
{{ groups['ovh_pve'] + groups['ovh_vm'] | list | sort }}
|
||||||
|
prometheus_postgres_targets:
|
||||||
|
- targets:
|
||||||
|
- bdd-ovh.adm.auro.re
|
||||||
prometheus_docker_targets:
|
prometheus_docker_targets:
|
||||||
- docker-ovh.adm.auro.re:8087
|
- docker-ovh.adm.auro.re
|
||||||
|
update_motd:
|
||||||
|
prometheus: >-
|
||||||
|
Prometheus (en configuration ovh) est déployé (/etc/prometheus).
|
||||||
roles:
|
roles:
|
||||||
- prometheus
|
- prometheus
|
||||||
|
- update_motd
|
||||||
|
|
||||||
- hosts: prometheus-federate.adm.auro.re
|
- hosts: prometheus-federate.adm.auro.re
|
||||||
vars:
|
vars:
|
||||||
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
prometheus_alertmanager: docker-ovh.adm.auro.re:9093
|
||||||
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
|
||||||
|
snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
|
||||||
|
snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
|
||||||
|
|
||||||
# Prometheus targets.json
|
# Prometheus targets.json
|
||||||
prometheus_targets:
|
prometheus_targets:
|
||||||
|
@ -148,9 +199,17 @@
|
||||||
- prometheus-rives.adm.auro.re
|
- prometheus-rives.adm.auro.re
|
||||||
- prometheus-aurore.adm.auro.re
|
- prometheus-aurore.adm.auro.re
|
||||||
- prometheus-ovh.adm.auro.re
|
- prometheus-ovh.adm.auro.re
|
||||||
|
update_motd:
|
||||||
|
prometheus_federate: >-
|
||||||
|
Prometheus (en configuration fédération) est déployé (/etc/prometheus).
|
||||||
roles:
|
roles:
|
||||||
- prometheus_federate
|
- prometheus_federate
|
||||||
|
- update_motd
|
||||||
|
|
||||||
|
# Postgres Exporters
|
||||||
|
- hosts: bdd,radius
|
||||||
|
roles:
|
||||||
|
- prometheus_postgres
|
||||||
|
|
||||||
# Monitor all hosts
|
# Monitor all hosts
|
||||||
- hosts: all,!edc_unifi,!fleming_unifi,!pacaterie_unifi,!gs_unifi,!rives_unifi,!aurore_testing_vm,!ovh_container
|
- hosts: all,!edc_unifi,!fleming_unifi,!pacaterie_unifi,!gs_unifi,!rives_unifi,!aurore_testing_vm,!ovh_container
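Review bot: The added `snmp_pdu_user` / `snmp_pdu_password` vault values are set in every Prometheus play, including `prometheus-federate`, while the only `prometheus_pdu_snmp_targets` visible on this page is in the `prometheus-gs` play (`@ -67,14 +87,22 @@` hunk). If the role does not need them defined elsewhere, keep the PDU credentials in the play that scrapes the PDU so the other monitoring hosts do not hold them; this depends on how the `prometheus` role templates its SNMP configuration, which is not shown. In the `@ -86,19 +114,28 @@` hunk, the new `{{ groups['bdd'] + groups['radius'] | list | sort }}` sorts only `groups['radius']`, because Jinja2 filters bind tighter than `+`; `{{ (groups['bdd'] + groups['radius']) | sort }}` sorts the combined list. Several plays in this file start or end outside the hunks.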
|
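--- a/playbooks/radius.yml
+++ b/playbooks/radius.yml
@@ -0,0 +1,10 @@
+#!/usr/bin/env ansible-playbook
+---
+# Deploy Radius
+- hosts: radius-*.adm.auro.re
+vars:
+update_motd:
+unbound: FreeRADIUS est déployé.
+roles:
+- radius
+- update_motd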
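Review bot: The `update_motd` key here is `unbound`, which looks copied from playbooks/unbound.yml; the other playbooks on this page key the message by the deployed service (`postgresql`, `nginx`, `prometheus`). If the `update_motd` role uses the key to name the MOTD entry (not visible here), a host that also runs Unbound would get one message overwriting the other, and the login banner would misreport what is deployed. I would write `radius: FreeRADIUS est déployé.` here. Both plays of playbooks/router.yml use the `unbound` key the same way and need a key of their own.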
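--- a/playbooks/router.yml
+++ b/playbooks/router.yml
@@ -0,0 +1,23 @@
+#!/usr/bin/env ansible-playbook
+---
+# Deploy firewall and keepalived
+# radvd: IPv6 SLAAC (/64 subnets, private IPs).
+# Must NOT be on routeur-aurore-*, or will with DHCPv6!
+- hosts: ~routeur-(pacaterie|edc|fleming|gs|rives).*\.adm\.auro\.re
+vars:
+update_motd:
+unbound: Le routage (avec radvd) est déployé.
+roles:
+- router
+- radvd
+- update_motd
+
+# No radvd here
+- hosts: ~routeur-aurore.*\.adm\.auro\.re
+vars:
+update_motd:
+unbound: Le routage (avec DHCPv6) est déployé.
+roles:
+- router
+- ipv6_edge_router
+- update_motd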
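Review bot: The warning comment `# Must NOT be on routeur-aurore-*, or will with DHCPv6!` is missing its verb, so the one safety note in this file does not say what goes wrong. If the intent is that radvd and DHCPv6 must not both run on the edge routers, I would write `# Must NOT run on routeur-aurore-*: radvd would conflict with DHCPv6 there.`. The header comment also mentions keepalived, while the visible roles are `router`, `radvd` and `ipv6_edge_router`; a word on which role provides it would help.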
1
log.yml → playbooks/rsyslog.yml
Normal file → Executable file
|
@ -1,3 +1,4 @@
|
||||||
|
#!/usr/bin/env ansible-playbook
|
||||||
---
|
---
|
||||||
- hosts: log.adm.auro.re
|
- hosts: log.adm.auro.re
|
||||||
roles:
|
roles:
|
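--- a/playbooks/ssh.yml
+++ b/playbooks/ssh.yml
@@ -0,0 +1,14 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: services-*.pve.auro.re
+vars:
+openssh_users_ca_public_key:
+"ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAAB\
+hBIpT7d7WeR88bs53KkNkZNOzkPJ7CQ5Ui6Wl9LXzAjjIdH+hKJieBMHrKew7+kzxGYaTqXW\
+F1fQWsACG6aniy7VZpsdgTaNw7qr9frGfmo950V7IlU6w1HRc5c+3oVBWpg=="
+openssh_authorized_principals:
+- any
+- "{{ inventory_hostname }}"
+roles:
+- openssh_server
+...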
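Review bot: `openssh_authorized_principals` lists `any` next to `{{ inventory_hostname }}`, so a user certificate signed by this CA with the principal `any` would be accepted on every host matching `services-*.pve.auro.re`, and the per-host principal adds no restriction for such certificates. Which account the `openssh_server` role maps these principals to is not visible here. If fleet-wide access is intended, I would document it above the list, for example `# "any": fleet-wide principal, issued only to <ROLE_PLACEHOLDER>; keep certificate validity short`. If per-host scoping is intended, drop `- any`.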
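--- a/playbooks/switchs-manager.yml
+++ b/playbooks/switchs-manager.yml
@@ -0,0 +1,17 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: all
+roles: []
+
+# Deploy Re2o switch service
+# - hosts: switchs-manager.adm.auro.re
+# vars:
+# service_repo: https://gitlab.federez.net/re2o/switchs.git
+# service_name: switchs
+# service_version: master
+# service_config:
+# hostname: re2o-server.adm.auro.re
+# username: service-user
+# password: "{{ vault_serviceuser_passwd }}"
+# roles:
+# - re2o_service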
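--- a/playbooks/unbound.yml
+++ b/playbooks/unbound.yml
@@ -0,0 +1,10 @@
+#!/usr/bin/env ansible-playbook
+---
+# Deploy unbound DNS server (recursive).
+- hosts: dns-*.adm.auro.re,!dns-aurore*.adm.auro.re
+vars:
+update_motd:
+unbound: Unbound est déployé.
+roles:
+- unbound
+- update_motd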
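--- a/playbooks/unifi.yml
+++ b/playbooks/unifi.yml
@@ -0,0 +1,9 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: all
+roles: []
+
+# Deploy Unifi Controller
+# - hosts: unifi-fleming.adm.auro.re,unifi-pacaterie.adm.auro.re
+# roles:
+# - unifi-controller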
432
proxmox.yml
|
@ -1,432 +0,0 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
|
||||||
---
|
|
||||||
# This is a special playbook to create a new VM !
|
|
||||||
- hosts: proxy.adm.auro.re # Host with python-proxmoxer and python-requests
|
|
||||||
become: false # We do not need root as we use Proxmox API
|
|
||||||
|
|
||||||
vars:
|
|
||||||
vm_definitions:
|
|
||||||
|
|
||||||
# Réseau Pacaterie
|
|
||||||
- name: ldap-replica-pacaterie
|
|
||||||
virtu: mordred
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: dhcp-pacaterie
|
|
||||||
virtu: mordred
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: dns-pacaterie
|
|
||||||
virtu: mordred
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: prometheus-pacaterie
|
|
||||||
virtu: mordred
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: radius-pacaterie
|
|
||||||
virtu: mordred
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: unifi-pacaterie
|
|
||||||
virtu: mordred
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-9.9.0-amd64-netinst.iso
|
|
||||||
|
|
||||||
# Réseau Fleming
|
|
||||||
- name: ldap-replica-fleming1
|
|
||||||
virtu: freya
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: dhcp-fleming
|
|
||||||
virtu: freya
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: dns-fleming
|
|
||||||
virtu: freya
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: prometheus-fleming
|
|
||||||
virtu: freya
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: radius-fleming
|
|
||||||
virtu: freya
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: unifi-fleming
|
|
||||||
virtu: freya
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-9.9.0-amd64-netinst.iso
|
|
||||||
|
|
||||||
# Réseau EdC
|
|
||||||
- name: ldap-replica-edc1
|
|
||||||
virtu: chapalux
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: dhcp-edc
|
|
||||||
virtu: chapalux
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: dns-edc
|
|
||||||
virtu: chapalux
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: prometheus-edc
|
|
||||||
virtu: chapalux
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: radius-edc
|
|
||||||
virtu: chapalux
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: unifi-edc
|
|
||||||
virtu: chapalux
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-9.9.0-amd64-netinst.iso
|
|
||||||
|
|
||||||
# Réseau George Sand
|
|
||||||
- name: ldap-replica-gs1
|
|
||||||
virtu: perceval
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: dhcp-gs
|
|
||||||
virtu: perceval
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: dns-gs
|
|
||||||
virtu: perceval
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: prometheus-gs
|
|
||||||
virtu: perceval
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: radius-gs
|
|
||||||
virtu: perceval
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: unifi-gs
|
|
||||||
virtu: perceval
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-9.9.0-amd64-netinst.iso
|
|
||||||
|
|
||||||
vars_prompt:
|
|
||||||
- name: "password"
|
|
||||||
prompt: "Enter LDAP password for your user"
|
|
||||||
private: true
|
|
||||||
|
|
||||||
tasks:
|
|
||||||
- name: Define a virtual machine in Proxmox
|
|
||||||
proxmox_kvm:
|
|
||||||
api_user: "{{ ansible_user_id }}@pam"
|
|
||||||
api_password: "{{ password }}"
|
|
||||||
api_host: "{{ item.virtu }}.adm.auro.re"
|
|
||||||
name: "{{ item.name }}"
|
|
||||||
node: "{{ item.virtu }}"
|
|
||||||
scsihw: virtio-scsi-pci
|
|
||||||
scsi: '{"scsi0":"{{ item.virtu }}:{{ item.disksize }},format=raw"}'
|
|
||||||
sata: '{"sata0":"local:iso/{{ item.installiso }},media=cdrom"}'
|
|
||||||
net: '{"net0":"virtio,bridge=vmbr2"}' # Adm only by default
|
|
||||||
cores: "{{ item.cores }}"
|
|
||||||
memory: "{{ item.memory }}"
|
|
||||||
balloon: "{{ item.memory // 2 }}"
|
|
||||||
bios: seabios # Ansible module doesn't support UEFI boot disk
|
|
||||||
loop:
|
|
||||||
# Réseau Fleming
|
|
||||||
- name: ldap-replica-fleming
|
|
||||||
virtu: freya
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: dhcp-fleming
|
|
||||||
virtu: freya
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: dns-fleming
|
|
||||||
virtu: freya
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: prometheus-fleming
|
|
||||||
virtu: freya
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: radius-fleming
|
|
||||||
virtu: freya
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: unifi-fleming
|
|
||||||
virtu: freya
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-9.9.0-amd64-netinst.iso
|
|
||||||
- name: routeur-fleming
|
|
||||||
virtu: freya
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
|
|
||||||
- name: ldap-replica-fleming-fo
|
|
||||||
virtu: marki
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: dhcp-fleming-fo
|
|
||||||
virtu: marki
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: dns-fleming-fo
|
|
||||||
virtu: marki
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: prometheus-fleming-fo
|
|
||||||
virtu: marki
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: radius-fleming-fo
|
|
||||||
virtu: marki
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: routeur-fleming-fo
|
|
||||||
virtu: marki
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
|
|
||||||
# Réseau Pacaterie
|
|
||||||
- name: ldap-replica-pacaterie
|
|
||||||
virtu: mordred
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: dhcp-pacaterie
|
|
||||||
virtu: mordred
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: dns-pacaterie
|
|
||||||
virtu: mordred
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: prometheus-pacaterie
|
|
||||||
virtu: mordred
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: radius-pacaterie
|
|
||||||
virtu: mordred
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: unifi-pacaterie
|
|
||||||
virtu: mordred
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-9.9.0-amd64-netinst.iso
|
|
||||||
- name: routeur-pacaterie
|
|
||||||
virtu: mordred
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
|
|
||||||
- name: ldap-replica-pacaterie-fo
|
|
||||||
virtu: titan
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: dhcp-pacaterie-fo
|
|
||||||
virtu: titan
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: dns-pacaterie-fo
|
|
||||||
virtu: titan
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: prometheus-pacaterie-fo
|
|
||||||
virtu: titan
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: radius-pacaterie-fo
|
|
||||||
virtu: titan
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: routeur-pacaterie-fo
|
|
||||||
virtu: titan
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
|
|
||||||
# Réseau EDC
|
|
||||||
- name: ldap-replica-edc
|
|
||||||
virtu: chapalux
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: dhcp-edc
|
|
||||||
virtu: chapalux
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: dns-edc
|
|
||||||
virtu: chapalux
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: prometheus-edc
|
|
||||||
virtu: chapalux
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: radius-edc
|
|
||||||
virtu: chapalux
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: unifi-edc
|
|
||||||
virtu: chapalux
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-9.9.0-amd64-netinst.iso
|
|
||||||
- name: routeur-edc
|
|
||||||
virtu: chapalux
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
|
|
||||||
# Réseau George Sand
|
|
||||||
- name: ldap-replica-georgesand
|
|
||||||
virtu: perceval
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: dhcp-georgesand
|
|
||||||
virtu: perceval
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: dns-georgesand
|
|
||||||
virtu: perceval
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: prometheus-georgesand
|
|
||||||
virtu: perceval
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: radius-georgesand
|
|
||||||
virtu: perceval
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
||||||
- name: unifi-georgesand
|
|
||||||
virtu: perceval
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-9.9.0-amd64-netinst.iso
|
|
||||||
- name: routeur-georgesand
|
|
||||||
virtu: perceval
|
|
||||||
cores: 2 # 2 mimimum, 10 maximum
|
|
||||||
memory: 1024 # M
|
|
||||||
disksize: 16 # G
|
|
||||||
installiso: debian-10.0.0-amd64-netinst.iso
|
|
|
@ -29,9 +29,6 @@
|
||||||
retries: 3
|
retries: 3
|
||||||
until: apt_result is succeeded
|
until: apt_result is succeeded
|
||||||
|
|
||||||
- include_role:
|
|
||||||
name: update_motd
|
|
||||||
|
|
||||||
# Configure APT mirrors on Debian Stretch
|
# Configure APT mirrors on Debian Stretch
|
||||||
- name: Configure APT mirrors
|
- name: Configure APT mirrors
|
||||||
when:
|
when:
|
||||||
|
|
|
@ -107,10 +107,4 @@
|
||||||
name: borgmatic.timer
|
name: borgmatic.timer
|
||||||
state: started
|
state: started
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
||||||
- include_role:
|
|
||||||
name: update_motd
|
|
||||||
vars:
|
|
||||||
key: 10-borgmatic
|
|
||||||
message: Borgmatic (client) est installé dans /etc/borgmatic/config.yaml.
|
|
||||||
...
|
...
|
||||||
|
|
|
@ -42,7 +42,7 @@ consistency:
|
||||||
- repository
|
- repository
|
||||||
- archives
|
- archives
|
||||||
|
|
||||||
{% if postgresql_databases is defined %}
|
{% if borg_postgresql_databases is defined %}
|
||||||
hooks:
|
hooks:
|
||||||
postgresql_databases:
|
postgresql_databases:
|
||||||
- name: all
|
- name: all
|
||||||
|
|
|
@ -35,13 +35,4 @@
|
||||||
owner: "{{ borg_server_user }}"
|
owner: "{{ borg_server_user }}"
|
||||||
group: "{{ borg_server_group }}"
|
group: "{{ borg_server_group }}"
|
||||||
mode: u=rwx,g=,o=
|
mode: u=rwx,g=,o=
|
||||||
|
|
||||||
- include_role:
|
|
||||||
name: update_motd
|
|
||||||
vars:
|
|
||||||
motd_messages:
|
|
||||||
- key: 10-borg-server
|
|
||||||
message: >-
|
|
||||||
Les sauvegardes (borg) sont stockées dans
|
|
||||||
{{ borg_server_backups_dir }}.
|
|
||||||
...
|
...
|
||||||
|
|
|
@ -50,12 +50,4 @@
|
||||||
url: https://github.com/docker/compose/releases/download/1.24.1/docker-compose-Linux-x86_64
|
url: https://github.com/docker/compose/releases/download/1.24.1/docker-compose-Linux-x86_64
|
||||||
dest: /usr/local/bin/docker-compose
|
dest: /usr/local/bin/docker-compose
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
|
|
||||||
- include_role:
|
|
||||||
name: update_motd
|
|
||||||
vars:
|
|
||||||
motd_messages:
|
|
||||||
- key: 10-docker
|
|
||||||
message: >-
|
|
||||||
Docker est installé sur ce serveur.
|
|
||||||
...
|
...
|
||||||
|
|
|
@ -1,30 +0,0 @@
|
||||||
---
|
|
||||||
# For DokuWiki package
|
|
||||||
- name: Configure Debian Buster mirrors
|
|
||||||
when:
|
|
||||||
- ansible_distribution == 'Debian'
|
|
||||||
- ansible_distribution_release == 'stretch'
|
|
||||||
template:
|
|
||||||
src: apt/buster.list.j2
|
|
||||||
dest: /etc/apt/sources.list.d/buster.list
|
|
||||||
mode: 0644
|
|
||||||
|
|
||||||
# For DokuWiki package
|
|
||||||
- name: Configure DokuWiki pin
|
|
||||||
when:
|
|
||||||
- ansible_distribution == 'Debian'
|
|
||||||
- ansible_distribution_release == 'stretch'
|
|
||||||
template:
|
|
||||||
src: apt/dokuwiki.j2
|
|
||||||
dest: /etc/apt/preferences.d/dokuwiki
|
|
||||||
mode: 0644
|
|
||||||
|
|
||||||
# Install
|
|
||||||
- name: Install DokuWiki
|
|
||||||
apt:
|
|
||||||
update_cache: true
|
|
||||||
name: dokuwiki
|
|
||||||
state: present
|
|
||||||
register: apt_result
|
|
||||||
retries: 3
|
|
||||||
until: apt_result is succeeded
|
|
|
@ -1,9 +0,0 @@
|
||||||
# {{ ansible_managed }}
|
|
||||||
{# #}
|
|
||||||
{# Default mirror #}
|
|
||||||
{% if debian_mirror is not defined %}
|
|
||||||
{% set debian_mirror = 'http://ftp.fr.debian.org/debian' %}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
deb {{ debian_mirror }} buster main
|
|
||||||
deb-src {{ debian_mirror }} buster main
|
|
|
@ -1,9 +0,0 @@
|
||||||
# {{ ansible_managed }}
|
|
||||||
|
|
||||||
Package: *
|
|
||||||
Pin: release n=stretch*
|
|
||||||
Pin-Priority: 990
|
|
||||||
|
|
||||||
Package: dokuwiki
|
|
||||||
Pin: release n=buster
|
|
||||||
Pin-Priority: 990
|
|
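--- a/roles/grafana/handlers/main.yml
+++ b/roles/grafana/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: Restart grafana
+service:
+name: grafana-server
+state: restarted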
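--- a/roles/grafana/tasks/main.yml
+++ b/roles/grafana/tasks/main.yml
@@ -0,0 +1,111 @@
+---
+- name: Install gpg (to import Grafana key)
+apt:
+name: gpg
+state: present
+register: apt_result
+retries: 3
+until: apt_result is succeeded
+
+- name: Import Grafana GPG signing key
+apt_key:
+url: https://packages.grafana.com/gpg.key
+state: present
+register: apt_key_result
+retries: 3
+until: apt_key_result is succeeded
+
+- name: Add Grafana repository
+apt_repository:
+repo: deb https://packages.grafana.com/oss/deb stable main
+state: present
+update_cache: true
+
+- name: Install Grafana
+apt:
+name: grafana
+state: present
+register: apt_result
+retries: 3
+until: apt_result is succeeded
+
+- name: Configure Grafana
+ini_file:
+path: /etc/grafana/grafana.ini
+section: "{{ item.section }}"
+option: "{{ item.option }}"
+value: "{{ item.value }}"
+mode: 0640
+loop:
+- section: server
+option: root_url
+value: "{{ grafana.root_url }}"
+- section: analytics
+option: reporting_enabled
+value: "false"
+- section: analytics
+option: check_for_updates
+value: "false"
+- section: security
+option: disable_initial_admin_creation
+value: "true"
+- section: security
+option: cookie_secure
+value: "true"
+- section: security
+option: disable_gravatar
+value: "true"
+- section: snapshots
+option: external_enabled
+value: "false"
+- section: users
+option: allow_sign_up
+value: "false"
+- section: users
+option: allow_org_create
+value: "false"
+- section: auth.anonymous
+option: enabled
+value: "false" # no public access
+- section: auth.anonymous
+option: hide_version
+value: "true"
+- section: auth.basic # only LDAP auth
+option: enabled
+value: "false"
+- section: auth.ldap
+option: enabled
+value: "true"
+- section: alerting
+option: enabled
+value: "false"
+- section: database
+option: type
+value: "{{ grafana.database.type }}"
+- section: database
+option: host
+value: "{{ grafana.database.host }}"
+- section: database
+option: name
+value: "{{ grafana.database.name }}"
+- section: database
+option: user
+value: "{{ grafana.database.user }}"
+- section: database
+option: password
+value: "{{ grafana.database.password }}"
+notify: Restart grafana
+
+- name: Configure Grafana LDAP
+template:
+src: ldap.toml.j2
+dest: /etc/grafana/ldap.toml
+mode: 0640
+notify: Restart grafana
+
+- name: Enable and start Grafana
+systemd:
+name: grafana-server
+enabled: true
+state: started
+daemon_reload: true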
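Review bot: The `Configure Grafana` loop includes the item `value: "{{ grafana.database.password }}"`, and Ansible prints each loop item in its per-item result line, so the database password ends up in console and CI output on every run. Adding `no_log: true` to that task, as the PostgreSQL user tasks elsewhere in this change do, keeps it out of the logs; if the other items should stay visible, the password could move to its own `ini_file` task carrying `no_log: true`. Separately, `apt_key` trusts whatever key the URL serves because no `id:` is given; pinning the expected fingerprint there (value not shown on this page) would tighten the repository trust.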
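--- a/roles/grafana/templates/ldap.toml.j2
+++ b/roles/grafana/templates/ldap.toml.j2
@@ -0,0 +1,61 @@
+{{ ansible_managed | comment }}
+# To troubleshoot and get more log info enable ldap debug logging in grafana.ini
+# [log]
+# filters = ldap:debug
+
+[[servers]]
+# Ldap server host (specify multiple hosts space separated)
+host = "{{ grafana.ldap.host }}"
+# Default port is 389 or 636 if use_ssl = true
+port = 389
+# Set to true if ldap server supports TLS
+use_ssl = false
+# Set to true if connect ldap server with STARTTLS pattern (create connection in insecure, then upgrade to secure connection with TLS)
+start_tls = false
+# set to true if you want to skip ssl cert validation
+ssl_skip_verify = false
+# set to the path to your root CA certificate or leave unset to use system defaults
+# root_ca_cert = "/path/to/certificate.crt"
+# Authentication against LDAP servers requiring client certificates
+# client_cert = "/path/to/client.crt"
+# client_key = "/path/to/client.key"
+
+# Search user bind dn
+bind_dn = "{{ grafana.ldap.bind_dn }}"
+# Search user bind password
+# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
+bind_password = '{{ grafana.ldap.bind_password }}'
+
+# User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
+search_filter = "(cn=%s)"
+
+# An array of base dns to search through
+search_base_dns = ["{{ grafana.ldap.search_base_dns }}"]
+
+## For Posix or LDAP setups that does not support member_of attribute you can define the below settings
+## Please check grafana LDAP docs for examples
+group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"
+group_search_base_dns = ["{{ grafana.ldap.group_search_base_dns }}"]
+group_search_filter_user_attribute = "cn"
+
+# Specify names of the ldap attributes your ldap uses
+[servers.attributes]
+name = "sn"
+surname = ""
+username = "cn"
+member_of = "dn"
+email = "mail"
+
+# Editors
+{% for group_dn in grafana.ldap.editors_group_dn %}
+[[servers.group_mappings]]
+group_dn = "{{ group_dn }}"
+org_role = "Editor"
+{% endfor %}
+
+# Viewers
+[[servers.group_mappings]]
+# If you want to match all (or no ldap groups) then you can use wildcard
+group_dn = "*"
+org_role = "Viewer"
+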
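Review bot: The `[[servers]]` block ships `port = 389` with `use_ssl = false` and `start_tls = false`, so the bind password and each user's login password travel to `grafana.ldap.host` in cleartext unless that host is local or the path is protected some other way. Proposed: `start_tls = true` (or `use_ssl = true` with `port = 636`), keeping `ssl_skip_verify = false` and uncommenting `root_ca_cert` if the directory uses a private CA. `bind_password = '{{ grafana.ldap.bind_password }}'` is a TOML literal string, so a password containing `'` would produce an invalid file; a short comment stating that constraint would help. The final `group_dn = "*"` mapping gives Viewer to every account that can authenticate, which deserves a comment if it is intended.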
|
@ -60,3 +60,4 @@ tls_cacertfile /etc/ssl/certs/ca-certificates.crt
|
||||||
|
|
||||||
# The search scope.
|
# The search scope.
|
||||||
#scope sub
|
#scope sub
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,24 @@
|
||||||
|
# see "man logrotate" for details
|
||||||
{{ ansible_managed | comment }}
|
{{ ansible_managed | comment }}
|
||||||
|
|
||||||
|
# global options do not affect preceding include directives
|
||||||
|
|
||||||
|
# rotate log files weekly
|
||||||
weekly
|
weekly
|
||||||
|
|
||||||
|
# keep 4 weeks worth of backlogs
|
||||||
rotate 4
|
rotate 4
|
||||||
|
|
||||||
|
# create new (empty) log files after rotating old ones
|
||||||
create
|
create
|
||||||
|
|
||||||
|
# use date as a suffix of the rotated file
|
||||||
|
#dateext
|
||||||
|
|
||||||
|
# uncomment this if you want your log files compressed
|
||||||
|
#compress
|
||||||
|
|
||||||
|
# packages drop log rotation information into this directory
|
||||||
include /etc/logrotate.d
|
include /etc/logrotate.d
|
||||||
|
|
||||||
|
# system-specific logs may also be configured here.
|
||||||
|
|
|
@ -148,14 +148,6 @@
|
||||||
group: www-data
|
group: www-data
|
||||||
mode: 0644
|
mode: 0644
|
||||||
|
|
||||||
- include_role:
|
|
||||||
name: update_motd
|
|
||||||
vars:
|
|
||||||
motd_messages:
|
|
||||||
- key: 10-nginx
|
|
||||||
message: >-
|
|
||||||
NGinx est installé sur ce serveur. Voir /etc/nginx.
|
|
||||||
|
|
||||||
- name: Clean old files
|
- name: Clean old files
|
||||||
file:
|
file:
|
||||||
path: "{{ item }}"
|
path: "{{ item }}"
|
||||||
|
|
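--- a/roles/openssh_server/defaults/main.yml
+++ b/roles/openssh_server/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+openssh_authorized_principals:
+- any
+...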
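--- a/roles/openssh_server/handlers/main.yml
+++ b/roles/openssh_server/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Restart sshd
+systemd:
+name: ssh.service
+state: restarted
+...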
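--- a/roles/openssh_server/tasks/main.yml
+++ b/roles/openssh_server/tasks/main.yml
@@ -0,0 +1,39 @@
+---
+- name: Install OpenSSH server
+apt:
+name: openssh-server
+
+- name: Enable OpenSSH Server
+systemd:
+name: sshd.service
+enabled: true
+state: started
+
+- name: Install sshd configuration file
+template:
+src: sshd_config.j2
+dest: /etc/ssh/sshd_config
+owner: root
+group: root
+mode: u=r,g=,o=
+validate: "/usr/sbin/sshd -tf %s"
+notify: Restart sshd
+
+- name: Install Users CA public key
+copy:
+content: "{{ openssh_users_ca_public_key }}"
+dest: /etc/ssh/users_ca.pub
+owner: root
+group: root
+mode: u=r,g=,o=
+notify: Restart sshd
+
+- name: Install authorized principals file
+copy:
+content: "{{ openssh_authorized_principals | join('\n') }}"
+dest: /etc/ssh/authorized_principals
+owner: root
+group: root
+mode: u=r,g=,o=
+notify: Restart sshd
+...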
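Review bot: `Enable OpenSSH Server` manages `sshd.service` while this role's `Restart sshd` handler uses `ssh.service`; on Debian `sshd.service` is normally only an alias of `ssh.service`, and systemd can refuse to enable a unit through its alias, so both should use `name: ssh.service`. The `Install OpenSSH server` task omits `state: present` and the `register`/`retries`/`until` pattern that the other `apt` tasks in this change use. The `join('\n')` content written to `/etc/ssh/authorized_principals` leaves the last principal without a trailing newline; appending one keeps the file well-formed for tools that read it line by line.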
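--- a/roles/openssh_server/templates/sshd_config.j2
+++ b/roles/openssh_server/templates/sshd_config.j2
@@ -0,0 +1,45 @@
+{{ ansible_managed | comment }}
+
+SyslogFacility AUTH
+LogLevel VERBOSE
+
+AddressFamily any
+ListenAddress 0.0.0.0
+ListenAddress ::
+
+Port 22
+
+MaxStartups 10:30:100
+
+HostKey /etc/ssh/ssh_host_ed25519_key
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_ecdsa_key
+
+# https://infosec.mozilla.org/guidelines/openssh.html
+KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
+Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
+MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
+
+AuthenticationMethods publickey
+
+TrustedUserCAKeys /etc/ssh/users_ca.pub
+AuthorizedPrincipalsFile /etc/ssh/authorized_principals
+
+StrictModes yes
+UsePAM no
+PermitRootLogin yes
+PermitUserRC no
+PermitUserEnvironment no
+AllowAgentForwarding no
+AllowTcpForwarding yes
+X11Forwarding no
+PermitTTY yes
+PermitTunnel no
+VersionAddendum none
+PrintLastLog yes
+PrintMotd yes
+TCPKeepAlive yes
+UseDNS no
+AcceptEnv LANG LC_*
+
+Subsystem sftp /usr/lib/openssh/sftp-server -f AUTHPRIV -l INFO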
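Review bot: `AuthorizedPrincipalsFile /etc/ssh/authorized_principals` is a single file shared by every account, so a certificate from the users CA carrying any listed principal is accepted for whichever login name the client requests, root included since `PermitRootLogin yes` is set; the role default lists only the principal `any`. If per-account separation is wanted, `AuthorizedPrincipalsFile /etc/ssh/authorized_principals/%u` scopes principals to the target account. `AuthorizedKeysFile` is not set, so existing `~/.ssh/authorized_keys` entries presumably still authenticate alongside certificates; `AuthorizedKeysFile none` would make the CA the only path if that is the intent. With `AuthenticationMethods publickey` in force, `PermitRootLogin prohibit-password` states the root policy more explicitly than `yes`.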
|
@ -1,10 +0,0 @@
|
||||||
---
|
|
||||||
# URL to clone
|
|
||||||
passbolt_repo: https://github.com/passbolt/passbolt_api.git
|
|
||||||
passbolt_version: v2.10.0
|
|
||||||
|
|
||||||
# Install target
|
|
||||||
passbolt_path: /var/www/passbolt
|
|
||||||
|
|
||||||
# User used to run passbolt
|
|
||||||
passbolt_user: www-data
|
|
|
@ -1,39 +0,0 @@
|
||||||
---
|
|
||||||
# See https://help.passbolt.com/hosting/install/ce/from-source.html
|
|
||||||
|
|
||||||
- name: Clone passbolt project
|
|
||||||
git:
|
|
||||||
repo: "{{ passbolt_repo }}"
|
|
||||||
dest: "{{ passbolt_path }}"
|
|
||||||
version: "{{ passbolt_version }}"
|
|
||||||
become: true
|
|
||||||
become_user: "{{ passbolt_user }}"
|
|
||||||
|
|
||||||
- name: Install passbolt dependencies
|
|
||||||
apt:
|
|
||||||
name:
|
|
||||||
- composer
|
|
||||||
- php-fpm
|
|
||||||
- php-intl
|
|
||||||
- php-gnupg
|
|
||||||
- php-gd
|
|
||||||
- php-mysql
|
|
||||||
- nginx
|
|
||||||
- mariadb-server
|
|
||||||
state: present
|
|
||||||
update_cache: true
|
|
||||||
register: apt_result
|
|
||||||
retries: 3
|
|
||||||
until: apt_result is succeeded
|
|
||||||
|
|
||||||
# Setup dependencies
|
|
||||||
- name: Install passbolt PHP dependencies
|
|
||||||
composer:
|
|
||||||
command: install
|
|
||||||
working_dir: "{{ passbolt_path }}"
|
|
||||||
no_dev: true
|
|
||||||
become: true
|
|
||||||
become_user: "{{ passbolt_user }}"
|
|
||||||
register: composer_result
|
|
||||||
retries: 3
|
|
||||||
until: composer_result is succeeded
|
|
|
@ -55,7 +55,7 @@
|
||||||
lc_collate: en_US.UTF-8
|
lc_collate: en_US.UTF-8
|
||||||
lc_ctype: en_US.UTF-8
|
lc_ctype: en_US.UTF-8
|
||||||
template: template0
|
template: template0
|
||||||
loop: "{{ postgresql_databases }}"
|
loop: "{{ postgresql.databases | default([]) }}"
|
||||||
|
|
||||||
- name: Create users
|
- name: Create users
|
||||||
become: true
|
become: true
|
||||||
|
@ -65,7 +65,7 @@
|
||||||
name: "{{ item.name }}"
|
name: "{{ item.name }}"
|
||||||
password: "{{ item.password }}"
|
password: "{{ item.password }}"
|
||||||
no_log: true
|
no_log: true
|
||||||
loop: "{{ postgresql_users }}"
|
loop: "{{ postgresql.users | default([]) }}"
|
||||||
|
|
||||||
- name: Grant privileges to users
|
- name: Grant privileges to users
|
||||||
become: true
|
become: true
|
||||||
|
@ -77,5 +77,5 @@
|
||||||
privs: "{{ item.privs | join(',') }}"
|
privs: "{{ item.privs | join(',') }}"
|
||||||
obj: "{{ item.database }}"
|
obj: "{{ item.database }}"
|
||||||
no_log: true
|
no_log: true
|
||||||
loop: "{{ postgresql_users }}"
|
loop: "{{ postgresql.users | default([]) }}"
|
||||||
...
|
...
|
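--- a/roles/postgresql/templates/postgresql/pg_hba.conf.j2
+++ b/roles/postgresql/templates/postgresql/pg_hba.conf.j2
@@ -0,0 +1,7 @@
+{{ ansible_managed | comment }}
+
+# TYPE DATABASE USER ADDRESS METHOD
+local all postgres peer map=map_local
+{% for host in postgresql.hosts | default([]) %}
+host "{{ host.database }}" "{{ host.user }}" {{ host.net }} {{ host.method }}
+{% endfor %}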
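Review bot: Every generated rule is a `host` line, which also matches connections without TLS, and `{{ host.method }}` is written through unchecked, so an inventory entry using `trust` or `md5` is accepted silently. Where database traffic leaves the machine, `hostssl` in place of `host` plus a comment that `method` is expected to be `scram-sha-256` would be safer; what the inventory actually passes is not visible here. The `local all all peer` rule of the template this one replaces (removed further down this page) has no counterpart, so local socket logins other than `postgres` stop working, which is worth stating in the commit description if intended.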
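--- a/roles/postgresql/templates/postgresql/pg_ident.conf.j2
+++ b/roles/postgresql/templates/postgresql/pg_ident.conf.j2
@@ -0,0 +1,5 @@
+{{ ansible_managed | comment }}
+
+# MAPNAME SYSTEM-USERNAME PG-USERNAME
+map_local root postgres
+map_local postgres postgres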
|
@ -1,5 +0,0 @@
|
||||||
---
|
|
||||||
postgresql_hosts: []
|
|
||||||
postgresql_databases: []
|
|
||||||
postgresql_users: []
|
|
||||||
...
|
|
|
@ -1,19 +0,0 @@
|
||||||
{{ ansible_managed | comment }}
|
|
||||||
|
|
||||||
# TYPE DATABASE USER ADDRESS METHOD
|
|
||||||
|
|
||||||
# DO NOT DISABLE!
|
|
||||||
# If you change this first entry you will need to make sure that the
|
|
||||||
# database superuser can access the database using some other method.
|
|
||||||
# Noninteractive access to all databases is required during automatic
|
|
||||||
# maintenance (custom daily cronjobs, replication, and similar tasks).
|
|
||||||
#
|
|
||||||
# Database administrative login by Unix domain socket
|
|
||||||
local all postgres peer map=map_root
|
|
||||||
|
|
||||||
# "local" is for Unix domain socket connections only
|
|
||||||
local all all peer
|
|
||||||
|
|
||||||
{% for host in postgresql_hosts %}
|
|
||||||
host "{{ host.database }}" "{{ host.user }}" {{ host.net }} {{ host.method }}
|
|
||||||
{% endfor %}
|
|
|
@ -1,4 +0,0 @@
|
||||||
{{ ansible_managed | comment }}
|
|
||||||
|
|
||||||
# MAPNAME SYSTEM-USERNAME PG-USERNAME
|
|
||||||
map_root root postgress
|
|
|
@ -18,8 +18,30 @@
|
||||||
mode: u=r,g=r,o=
|
mode: u=r,g=r,o=
|
||||||
loop:
|
loop:
|
||||||
- prometheus.yml
|
- prometheus.yml
|
||||||
- alert.rules.yml
|
notify: Restart Prometheus
|
||||||
|
|
||||||
|
- name: Creates directory for alerts
|
||||||
|
file:
|
||||||
|
path: /etc/prometheus/alerts
|
||||||
|
state: directory
|
||||||
|
owner: prometheus
|
||||||
|
group: prometheus
|
||||||
|
mode: 0755
|
||||||
|
|
||||||
|
- name: Configure Prometheus alerts
|
||||||
|
template:
|
||||||
|
src: "{{ item }}.j2"
|
||||||
|
dest: "/etc/prometheus/alerts/{{ item }}"
|
||||||
|
owner: prometheus
|
||||||
|
group: prometheus
|
||||||
|
mode: u=r,g=r,o=
|
||||||
|
loop:
|
||||||
|
- server.rules.yml
|
||||||
|
- docker.rules.yml
|
||||||
- django.rules.yml
|
- django.rules.yml
|
||||||
|
- ups.rules.yml
|
||||||
|
- postgres.rules.yml
|
||||||
|
- environmental.rules.yml
|
||||||
notify: Restart Prometheus
|
notify: Restart Prometheus
|
||||||
|
|
||||||
- name: Make Prometheus snmp-exporter listen on localhost only
|
- name: Make Prometheus snmp-exporter listen on localhost only
|
||||||
|
@ -29,14 +51,16 @@
|
||||||
line: "ARGS=\"--web.listen-address=127.0.0.1:9116\""
|
line: "ARGS=\"--web.listen-address=127.0.0.1:9116\""
|
||||||
notify: Restart prometheus-snmp-exporter
|
notify: Restart prometheus-snmp-exporter
|
||||||
|
|
||||||
# This file store SNMP OIDs
|
# These files store SNMP OIDs
|
||||||
- name: Configure Prometheus snmp-exporter
|
- name: Configure Prometheus snmp-exporter
|
||||||
template:
|
template:
|
||||||
src: snmp.yml.j2
|
src: "{{ item }}.j2"
|
||||||
dest: /etc/prometheus/snmp.yml
|
dest: "/etc/prometheus/{{ item }}"
|
||||||
owner: prometheus
|
owner: prometheus
|
||||||
group: prometheus
|
group: prometheus
|
||||||
mode: u=r,g=r,o=
|
mode: u=r,g=r,o=
|
||||||
|
loop:
|
||||||
|
- snmp.yml
|
||||||
notify: Restart prometheus-snmp-exporter
|
notify: Restart prometheus-snmp-exporter
|
||||||
|
|
||||||
# We don't need to restart Prometheus when updating nodes
|
# We don't need to restart Prometheus when updating nodes
|
||||||
|
@ -75,17 +99,23 @@
|
||||||
mode: 0644
|
mode: 0644
|
||||||
when: prometheus_docker_targets is defined
|
when: prometheus_docker_targets is defined
|
||||||
|
|
||||||
|
- name: Configure Prometheus postgres monitoring
|
||||||
|
copy:
|
||||||
|
content: "{{ prometheus_postgres_targets | to_nice_json }}\n"
|
||||||
|
dest: /etc/prometheus/targets_postgres.json
|
||||||
|
mode: 0644
|
||||||
|
when: prometheus_postgres_targets is defined
|
||||||
|
|
||||||
|
- name: Configure Prometheus apc_pdu monitoring
|
||||||
|
copy:
|
||||||
|
content: "{{ [{'targets': prometheus_pdu_snmp_targets }] | to_nice_json }}\n"
|
||||||
|
dest: /etc/prometheus/targets_apc_pdu_snmp.json
|
||||||
|
mode: 0644
|
||||||
|
when: prometheus_pdu_snmp_targets is defined
|
||||||
|
|
||||||
- name: Activate prometheus service
|
- name: Activate prometheus service
|
||||||
systemd:
|
systemd:
|
||||||
name: prometheus
|
name: prometheus
|
||||||
enabled: true
|
enabled: true
|
||||||
state: started
|
state: started
|
||||||
|
|
||||||
- include_role:
|
|
||||||
name: update_motd
|
|
||||||
vars:
|
|
||||||
motd_messages:
|
|
||||||
- key: 05-prometheus
|
|
||||||
message: >-
|
|
||||||
Prometheus est déployé sur cette machine (voir /etc/prometheus)
|
|
||||||
...
|
...
|
||||||
|
|
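Review bot: The new `Configure Prometheus alerts` task renders six rule templates into `/etc/prometheus/alerts/` without checking them, so a syntax error in any template only shows up when the `Restart Prometheus` handler runs and the server fails to load its rules. Adding `validate: promtool check rules %s` to that `template` task would reject a bad file before it replaces the working one, assuming `promtool` is installed alongside Prometheus on these hosts. The new `mode: 0755` and `mode: 0644` values are unquoted while neighbouring tasks use symbolic modes such as `u=r,g=r,o=`; quoting them (`mode: "0755"`) or using the symbolic form would be consistent.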
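--- a/roles/prometheus/templates/docker.rules.yml.j2
+++ b/roles/prometheus/templates/docker.rules.yml.j2
@@ -0,0 +1,50 @@
+---
+{{ ansible_managed | comment }}
+
+{% macro raw(string) -%}
+{{ "{{" }} {{ string }} {{ "}}" }}
+{%- endmacro %}
+
+groups:
+
+- name: docker.rules
+rules:
+
+- alert: ContainerDown
+expr: docker_container_running_state != 1
+for: 0m
+labels:
+severity: critical
+annotations:
+summary: >-
+Le container Docker est éteint / tombé
+(container {{ raw('$labels.name') }})
+
+- alert: ContainerFailed
+expr: sum(increase(docker_container_restart_count[5m])) > 2
+for: 0m
+labels:
+severity: critical
+annotations:
+summary: >-
+Le container Docker redémarre souvent
+(container {{ raw('$labels.name') }})
+
+- alert: ContainerFailed
+expr:
+(
+docker_container_cpu_used_total
+/
+docker_container_cpu_capacity_total
+) * 100
+> 30
+for: 0m
+labels:
+severity: critical
+annotations:
+summary: >-
+Le container Docker utilise beaucoup de CPU
+(container {{ raw('$labels.name') }},
+valeur {{ raw('$value | printf "%.1f"') }})
+
+...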
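Review bot: The restart rule's `sum(increase(docker_container_restart_count[5m])) > 2` aggregates away every label, so `$labels.name` in its summary renders empty and the alert cannot say which container is restarting; `sum by (name) (increase(docker_container_restart_count[5m])) > 2` keeps the label. The third rule reuses the name `ContainerFailed` although it fires on CPU usage, which makes the two indistinguishable by name in Alertmanager; `alert: ContainerHighCpu` would fit. `severity: critical` with `for: 0m` on a 30% CPU threshold will fire on short spikes, so `severity: warning` and a non-zero `for:` look closer to the intent.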
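--- a/roles/prometheus/templates/environmental.rules.yml.j2
+++ b/roles/prometheus/templates/environmental.rules.yml.j2
@@ -0,0 +1,52 @@
+---
+{{ ansible_managed | comment }}
+
+{% macro raw(string) -%}
+{{ "{{" }} {{ string }} {{ "}}" }}
+{%- endmacro %}
+
+groups:
+
+- name: environmental.rules
+rules:
+
+- alert: EnvironmentalTemperature
+expr: rPDU2SensorTempHumidityStatusTempC / 10 > 30
+for: 10m
+labels:
+severity: warning
+annotations:
+summary: >-
+Température environnementale à {{ raw('$value') }}°
+
+- alert: EnvironmentalTemperature
+expr: rPDU2SensorTempHumidityStatusTempC / 10 > 40
+for: 10m
+labels:
+severity: critical
+annotations:
+summary: >-
+Température environnementale à {{ raw('$value') }}°
+
+
+- alert: EnvironmentalTemperature
+expr: xupsEnvRemoteTemp > 30
+for: 10m
+labels:
+severity: warning
+annotations:
+summary: >-
+Température environnementale à {{ raw('$value') }}°
+
+- alert: EnvironmentalTemperature
+expr: xupsEnvRemoteTemp > 40
+for: 10m
+labels:
+severity: critical
+annotations:
+summary: >-
+Température environnementale à {{ raw('$value') }}°
+
+
+
+...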
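Review bot: None of the four `EnvironmentalTemperature` summaries names the device that reported the value, so a notification cannot be traced to a PDU or UPS; appending `({{ raw('$labels.instance') }})` to each summary would identify it, assuming the scrape configuration keeps the `instance` label. Above 40 the `> 30` warning and the `> 40` critical rule both fire under the same alert name. Unless an Alertmanager inhibit rule covers this (not visible here), bounding the warning expressions, e.g. `expr: 30 < rPDU2SensorTempHumidityStatusTempC / 10 <= 40`, avoids the duplicate.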
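--- a/roles/prometheus/templates/postgres.rules.yml.j2
+++ b/roles/prometheus/templates/postgres.rules.yml.j2
@@ -0,0 +1,219 @@
+---
+{{ ansible_managed | comment }}
+
+{% macro raw(string) -%}
+{{ "{{" }} {{ string }} {{ "}}" }}
+{%- endmacro %}
+
+groups:
+
+- name: postgres.rules
+rules:
+- alert: PostgresqlDown
+expr: pg_up == 0
+for: 0m
+labels:
+severity: critical
+annotations:
+summary: Serveur PostgreSQL down
+
+- alert: PostgresqlRestarted
+expr: time() - pg_postmaster_start_time_seconds < 60
+for: 0m
+labels:
+severity: critical
+annotations:
+summary: Serveur PostgreSQL redémarré
+
+- alert: PostgresqlExporterError
+expr: pg_exporter_last_scrape_error > 0
+for: 0m
+labels:
+severity: critical
+annotations:
+summary: Erreur dans l'exporter PostgreSQL
+
+- alert: PostgresqlReplicationLag
+expr:
+pg_replication_lag > 30
+and
+ON(instance) pg_replication_is_replica == 1
+for: 0m
+labels:
+severity: critical
+annotations:
+summary: >-
+La réplication PostgreSQL lag ({{ raw('$value') }} > 30s)
+(base de données {{ raw('$labels.datname') }} )
+
+- alert: PostgresqlTableNotVaccumed
+expr:
+time() - pg_stat_user_tables_last_autovacuum
+> 60 * 60 * 24
+for: 0m
+labels:
+severity: warning
+annotations:
+summary: >-
+Le démon autovacuum n'a pas été lancé depuis 24h
+(base de données {{ raw('$labels.datname') }} )
+
+- alert: PostgresqlTableNotAnalyzed
+expr:
+time() - pg_stat_user_tables_last_autoanalyze
+> 60 * 60 * 24
+for: 0m
+labels:
+severity: warning
+annotations:
+summary: >-
+Table non-analysée depuis 24h
+(base de données {{ raw('$labels.datname') }})
+
+- alert: PostgresqlTooManyConnections
+expr:
+(
+sum by (datname)
+(pg_stat_activity_count{datname!~"template.*|postgres"})
+) * 100
+> pg_settings_max_connections * 80
+for: 2m
+labels:
+severity: warning
+annotations:
+summary: >-
+PostgreSQL a trop de connexions
+({{ raw('$value | printf "%.1f"') }} > 80%)
+(base de données {{ raw('$labels.datname') }})
+
+- alert: PostgresqlDeadLocks
+expr: increase(pg_stat_database_deadlocks{datname!~"template.*|postgres"}[1m]) > 5
+for: 0m
+labels:
+severity: warning
+annotations:
+summary: >-
+PostgreSQL a plus de 5 deadlocks.
+(base de données {{ raw('$labels.datname') }} )
+
+- alert: PostgresqlSlowQueries
+expr: pg_slow_queries > 0
+for: 2m
+labels:
+severity: warning
+annotations:
+summary: >-
+Présence de requêtes lentes (slow-queries)
+(base de données {{ raw('$labels.datname') }} )
+
+- alert: PostgresqlHighRollbackRate
+expr:
+(
+rate(pg_stat_database_xact_rollback{datname!~"template.*"}[3m]) /
+rate(pg_stat_database_xact_commit{datname!~"template.*"}[3m])
+) * 100
+> 7
+for: 0m
+labels:
+severity: warning
+annotations:
+summary: >-
+PostgreSQL a un taux de retour en arrière (rollback) élevé
+(base de données {{ raw('$labels.datname') }}, valeur {{ raw('$value | printf "%.1f"') }} %)
+
+- alert: PostgresqlWaleReplicationStopped
+expr: rate(pg_xlog_position_bytes[1m]) == 0
+for: 0m
+labels:
+severity: critical
+annotations:
+summary: >-
+Réplication de PostgreSQL WALE stoppée
+(base de données {{ raw('$labels.datname') }} )
+
+- alert: PostgresqlHighRateStatementTimeout
+expr: rate(postgresql_errors_total{type="statement_timeout"}[1m]) > 3
+for: 0m
+labels:
+severity: critical
+annotations:
+summary: >-
+Beaucoup de requêtes PostgreSQL sont timeout
+(base de données {{ raw('$labels.datname') }}, valeur {{ raw('$value | printf "%.1f"') }} )
+
+- alert: PostgresqlHighRateDeadlock
+expr: increase(postgresql_errors_total{type="deadlock_detected"}[1m]) > 1
+for: 0m
+labels:
+severity: critical
+annotations:
+summary: >-
+PostgreSQL a un fort taux de deadlock
+(base de données {{ raw('$labels.datname') }}, valeur {{ raw('$value | printf "%.1f"') }} )
+
+# - alert: PostgresqlReplicationLagBytes
+# expr:
+# (pg_xlog_position_bytes and pg_replication_is_replica == 0)
+# - GROUP_RIGHT(instance) (pg_xlog_position_bytes and pg_replication_is_replica == 1)
+# > 1e+09
+# for: 0m
+# labels:
+# severity: critical
+# annotations:
+# summary: La réplication Postgresql a des octets de retard (instance {{ raw('$labels.name') }}, value {{ raw('$value') }} )
+
+- alert: PostgresqlTooManyDeadTuples
+expr:
+(
+(pg_stat_user_tables_n_dead_tup > 10000)
+/ (pg_stat_user_tables_n_live_tup + pg_stat_user_tables_n_dead_tup)
+) >= 0.1 unless ON(instance) (pg_replication_is_replica == 1)
+for: 2m
+labels:
+severity: warning
+annotations:
+summary: >-
+Les tuples morts PostgreSQL sont trop volumineux
+(base de données {{ raw('$labels.datname') }}, valeur {{ raw('$value | printf "%.1f"') }} )
+
+- alert: PostgresqlSplitBrain
+expr: count(pg_replication_is_replica == 0) != 1
+for: 0m
+labels:
+severity: critical
+annotations:
+summary: >-
+Split Brain : trop de bases de données PostgreSQL primaires en mode lecture-écriture
+(base de données {{ raw('$labels.datname') }}, valeur {{ raw('$value') }} )
+
+- alert: PostgresqlPromotedNode
+expr:
+pg_replication_is_replica
+and
+changes(pg_replication_is_replica[1m]) > 0
+for: 0m
+labels:
+severity: warning
+annotations:
+summary: >-
+Le serveur de secours PostgreSQL a été promu comme nœud principal
+(base de données {{ raw('$labels.datname') }}, valeur {{ raw('$value') }})
+
+- alert: PostgresqlTooManyLocksAcquired
+expr:
+(
+(sum (pg_locks_count))
+/ (pg_settings_max_locks_per_transaction * pg_settings_max_connections)
+) * 100 > 20
+for: 2m
+labels:
+severity: critical
+annotations:
+summary: >-
+Trop de deadlocks acquis sur la base de données.
+Si cette alerte se produit fréquemment, nous devrons peut-être augmenter
+le paramètre postgres max_locks_per_transaction
+(Valeur = {{ raw('$value | printf "%.1f"') }} )
+
+...
+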
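Review bot: PostgresqlTooManyConnections and PostgresqlTooManyLocksAcquired look like they can never fire: `sum by (datname) (...)` and `sum (pg_locks_count)` drop the `instance` label while the `pg_settings_*` series on the other side presumably keep it, so the comparison and the division find no matching label sets and return nothing. Aggregating and matching on a shared label would fix this, e.g. `sum by (instance, datname) (pg_stat_activity_count{datname!~"template.*|postgres"}) * 100 > on(instance) group_left pg_settings_max_connections * 80` and `sum by (instance) (pg_locks_count) / on(instance) (pg_settings_max_locks_per_transaction * pg_settings_max_connections)`. PostgresqlSplitBrain has a related gap: `count(...)` removes `datname`, so that label renders empty in its summary, and the expression yields no result (hence no alert) when no primary is reporting at all. The last summary also says "deadlocks" where the rule counts locks.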
@ -20,8 +20,7 @@ alerting:
|
||||||
|
|
||||||
# Load rules once and periodically evaluate them according to the global 'evaluation_interval'.
|
# Load rules once and periodically evaluate them according to the global 'evaluation_interval'.
|
||||||
rule_files:
|
rule_files:
|
||||||
- "alert.rules.yml" # Monitoring alerts, this is the file you may be searching!
|
- "alerts/*.yml" # Monitoring alerts, this is the file you may be searching!
|
||||||
- "django.rules.yml" # Custom rules specific for Django project monitoring
|
|
||||||
|
|
||||||
# A scrape configuration containing exactly one endpoint to scrape:
|
# A scrape configuration containing exactly one endpoint to scrape:
|
||||||
# Here it's Prometheus itself.
|
# Here it's Prometheus itself.
|
||||||
|
@ -101,4 +100,44 @@ scrape_configs:
|
||||||
file_sd_configs:
|
file_sd_configs:
|
||||||
- files:
|
- files:
|
||||||
- '/etc/prometheus/targets_docker.json'
|
- '/etc/prometheus/targets_docker.json'
|
||||||
|
relabel_configs:
|
||||||
|
# Do not put :8087 in instance name, rather here
|
||||||
|
- source_labels: [__address__]
|
||||||
|
target_label: __param_target
|
||||||
|
- source_labels: [__param_target]
|
||||||
|
target_label: instance
|
||||||
|
- source_labels: [__param_target]
|
||||||
|
target_label: __address__
|
||||||
|
replacement: '$1:8087'
|
||||||
|
|
||||||
|
- job_name: postgresql
|
||||||
|
file_sd_configs:
|
||||||
|
- files:
|
||||||
|
- '/etc/prometheus/targets_postgres.json'
|
||||||
|
relabel_configs:
|
||||||
|
# Do not put :9187 in instance name, rather here
|
||||||
|
- source_labels: [__address__]
|
||||||
|
target_label: __param_target
|
||||||
|
- source_labels: [__param_target]
|
||||||
|
target_label: instance
|
||||||
|
- source_labels: [__param_target]
|
||||||
|
target_label: __address__
|
||||||
|
replacement: '$1:9187'
|
||||||
|
|
||||||
|
- job_name: apc_pdu_snmp
|
||||||
|
file_sd_configs:
|
||||||
|
- files:
|
||||||
|
- '/etc/prometheus/targets_apc_pdu_snmp.json'
|
||||||
|
metrics_path: /snmp
|
||||||
|
params:
|
||||||
|
module:
|
||||||
|
- apc_pdu
|
||||||
|
relabel_configs:
|
||||||
|
- source_labels: [__address__]
|
||||||
|
target_label: __param_target
|
||||||
|
- source_labels: [__param_target]
|
||||||
|
target_label: instance
|
||||||
|
- target_label: __address__
|
||||||
|
replacement: 127.0.0.1:9116
|
||||||
|
|
||||||
...
|
...
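Review bot: With `rule_files` switched to the glob `"alerts/*.yml"`, Prometheus loads every file present in that directory, including rule files left over from an earlier deployment or placed there by hand; nothing visible in this section removes stale files, so the role should own the directory contents. The trailing comment still reads "this is the file you may be searching!", which no longer matches a directory; `# Alert rules, one file per topic under alerts/` would be accurate. In the new `postgresql` job the `__param_target` steps are carried over from the probe-style jobs and, on a direct scrape, only add an unused `target` query parameter.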
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
|
|
||||||
groups:
|
groups:
|
||||||
|
|
||||||
- name: alert.rules
|
- name: server.rules
|
||||||
rules:
|
rules:
|
||||||
|
|
||||||
- alert: InstanceDown
|
- alert: InstanceDown
|
||||||
|
@ -50,7 +50,7 @@ groups:
|
||||||
node_memory_SwapFree_bytes
|
node_memory_SwapFree_bytes
|
||||||
/ node_memory_SwapTotal_bytes
|
/ node_memory_SwapTotal_bytes
|
||||||
)
|
)
|
||||||
) * 100 > 10
|
) * 100 >= 20
|
||||||
for: 3m
|
for: 3m
|
||||||
labels:
|
labels:
|
||||||
severity: warning
|
severity: warning
|
||||||
|
@ -149,78 +149,11 @@ groups:
|
||||||
summary: >
|
summary: >
|
||||||
Charge à {{ raw('$value') }}
|
Charge à {{ raw('$value') }}
|
||||||
|
|
||||||
- alert: UpsOutputSourceChanged
|
- alert: UnhealthyDisk
|
||||||
expr: upsOutputSource != 3
|
expr: smartmon_device_smart_healthy < 1
|
||||||
for: 0m
|
for: 10m
|
||||||
labels:
|
labels:
|
||||||
severity: critical
|
severity: "critical"
|
||||||
annotations:
|
annotations:
|
||||||
summary: >-
|
summary: "Le Disque {{ raw('$labels.disk') }} n'est pas en bonne santé !"
|
||||||
Source d'alimentation changée
|
|
||||||
|
|
||||||
- alert: UpsBatteryStatus
|
|
||||||
expr: upsBatteryStatus == 3
|
|
||||||
for: 0m
|
|
||||||
labels:
|
|
||||||
severity: warning
|
|
||||||
annotations:
|
|
||||||
summary: >-
|
|
||||||
État de la batterie faible
|
|
||||||
|
|
||||||
- alert: UpsBatteryStatus
|
|
||||||
expr: upsBatteryStatus == 4
|
|
||||||
for: 0m
|
|
||||||
labels:
|
|
||||||
severity: critical
|
|
||||||
annotations:
|
|
||||||
summary: >-
|
|
||||||
État de la batterie critique
|
|
||||||
|
|
||||||
- alert: UpsHighLoad
|
|
||||||
expr: upsOutputPercentLoad > 70
|
|
||||||
for: 3m
|
|
||||||
labels:
|
|
||||||
severity: critical
|
|
||||||
annotations:
|
|
||||||
summary: >-
|
|
||||||
Charge de {{ raw('$value | printf "%.1f"') }}%
|
|
||||||
|
|
||||||
- alert: UpsWrongInputVoltage
|
|
||||||
expr: (upsInputVoltage < 210) or (upsInputVoltage > 250)
|
|
||||||
for: 5m
|
|
||||||
labels:
|
|
||||||
severity: warning
|
|
||||||
annotations:
|
|
||||||
summary: >-
|
|
||||||
Tension d'entrée de {{ raw('$value') }}V
|
|
||||||
|
|
||||||
- alert: UpsWrongOutputVoltage
|
|
||||||
expr: >-
|
|
||||||
abs(upsInputVoltage - avg_over_time(upsOutputVoltage[1d]))
|
|
||||||
< 3 * stddev_over_time(upsOutputVoltage[1d])
|
|
||||||
for: 5m
|
|
||||||
labels:
|
|
||||||
severity: warning
|
|
||||||
annotations:
|
|
||||||
summary: >-
|
|
||||||
Tension de sortie de {{ raw('$value') }}V
|
|
||||||
|
|
||||||
- alert: UpsTimeRemaining
|
|
||||||
expr: upsEstimatedMinutesRemaining < 8
|
|
||||||
for: 0m
|
|
||||||
labels:
|
|
||||||
severity: warning
|
|
||||||
annotations:
|
|
||||||
summary: >-
|
|
||||||
Autonomie restante de {{ raw('$value') }} min
|
|
||||||
|
|
||||||
- alert: UpsTimeRemaining
|
|
||||||
expr: upsEstimatedMinutesRemaining < 5
|
|
||||||
for: 0m
|
|
||||||
labels:
|
|
||||||
severity: critical
|
|
||||||
annotations:
|
|
||||||
summary: >-
|
|
||||||
Autonomie restante de {{ raw('$value') }} min
|
|
||||||
|
|
||||||
...
|
...
|
|
@ -416,4 +416,70 @@ ubiquiti_unifi:
|
||||||
auth_protocol: SHA
|
auth_protocol: SHA
|
||||||
priv_protocol: AES
|
priv_protocol: AES
|
||||||
priv_password: {{ snmp_unifi_password }}
|
priv_password: {{ snmp_unifi_password }}
|
||||||
|
|
||||||
|
|
||||||
|
apc_pdu:
|
||||||
|
walk:
|
||||||
|
- 1.3.6.1.4.1.318.1.1.26.10.2.2.1.8
|
||||||
|
- 1.3.6.1.4.1.318.1.1.26.4.3.1.4
|
||||||
|
- 1.3.6.1.4.1.318.1.1.26.4.3.1.5
|
||||||
|
- 1.3.6.1.4.1.318.1.1.26.4.3.1.6
|
||||||
|
- 1.3.6.1.4.1.318.1.1.26.6.3.1.9
|
||||||
|
- 1.3.6.1.4.1.318.1.1.26.9.4.3.1.7
|
||||||
|
metrics:
|
||||||
|
- name: rPDU2SensorTempHumidityStatusTempC
|
||||||
|
oid: 1.3.6.1.4.1.318.1.1.26.10.2.2.1.8
|
||||||
|
type: gauge
|
||||||
|
help: Sensor temperature reading in tenths of degrees Celsius - 1.3.6.1.4.1.318.1.1.26.10.2.2.1.8
|
||||||
|
indexes:
|
||||||
|
- labelname: rPDU2SensorTempHumidityStatusIndex
|
||||||
|
type: gauge
|
||||||
|
- name: rPDU2DeviceStatusLoadState
|
||||||
|
oid: 1.3.6.1.4.1.318.1.1.26.4.3.1.4
|
||||||
|
type: gauge
|
||||||
|
help: Indicates the present load status of the Rack PDU - 1.3.6.1.4.1.318.1.1.26.4.3.1.4
|
||||||
|
indexes:
|
||||||
|
- labelname: rPDU2DeviceStatusIndex
|
||||||
|
type: gauge
|
||||||
|
- name: rPDU2DeviceStatusPower
|
||||||
|
oid: 1.3.6.1.4.1.318.1.1.26.4.3.1.5
|
||||||
|
type: gauge
|
||||||
|
help: The power consumption of the Rack PDU load in hundredths of kilowatts -
|
||||||
|
1.3.6.1.4.1.318.1.1.26.4.3.1.5
|
||||||
|
indexes:
|
||||||
|
- labelname: rPDU2DeviceStatusIndex
|
||||||
|
type: gauge
|
||||||
|
- name: rPDU2DeviceStatusPeakPower
|
||||||
|
oid: 1.3.6.1.4.1.318.1.1.26.4.3.1.6
|
||||||
|
type: gauge
|
||||||
|
help: The peak power consumption of the Rack PDU load in hundredths of kilowatts
|
||||||
|
- 1.3.6.1.4.1.318.1.1.26.4.3.1.6
|
||||||
|
indexes:
|
||||||
|
- labelname: rPDU2DeviceStatusIndex
|
||||||
|
type: gauge
|
||||||
|
- name: rPDU2PhaseStatusPowerFactor
|
||||||
|
oid: 1.3.6.1.4.1.318.1.1.26.6.3.1.9
|
||||||
|
type: gauge
|
||||||
|
help: Indicates the load power factor, in hundredths, of the Rack PDU phase being
|
||||||
|
queried - 1.3.6.1.4.1.318.1.1.26.6.3.1.9
|
||||||
|
indexes:
|
||||||
|
- labelname: rPDU2PhaseStatusIndex
|
||||||
|
type: gauge
|
||||||
|
- name: rPDU2OutletMeteredStatusPower
|
||||||
|
oid: 1.3.6.1.4.1.318.1.1.26.9.4.3.1.7
|
||||||
|
type: gauge
|
||||||
|
help: Indicates the power draw of the load on the Rack PDU outlet being queried
|
||||||
|
- 1.3.6.1.4.1.318.1.1.26.9.4.3.1.7
|
||||||
|
indexes:
|
||||||
|
- labelname: rPDU2OutletMeteredStatusIndex
|
||||||
|
type: gauge
|
||||||
|
version: 3
|
||||||
|
auth:
|
||||||
|
security_level: authPriv
|
||||||
|
username: {{ snmp_pdu_user }}
|
||||||
|
password: {{ snmp_pdu_password }}
|
||||||
|
auth_protocol: SHA
|
||||||
|
priv_protocol: AES
|
||||||
|
priv_password: {{ snmp_pdu_password }}
|
||||||
|
|
||||||
...
|
...
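Review bot: In the new `apc_pdu` `auth:` block, `password` and `priv_password` are both rendered from `snmp_pdu_password`, so the SNMPv3 authentication and privacy passphrases are one secret; a separate vaulted variable for the privacy passphrase would keep the two independent, provided the PDUs are configured that way. The templated values are also unquoted, so a passphrase containing ` #`, `: ` or a leading YAML indicator is truncated or makes the generated file invalid; `password: {{ snmp_pdu_password | to_json }}` (and the same for `username` and `priv_password`) renders a safely quoted scalar. The `ubiquiti_unifi` block shown as context follows the same pattern and would benefit from the same change.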
|
||||||
|
|
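--- a/roles/prometheus/templates/ups.rules.yml.j2
+++ b/roles/prometheus/templates/ups.rules.yml.j2
@@ -0,0 +1,87 @@
+---
+{{ ansible_managed | comment }}
+
+{% macro raw(string) -%}
+{{ "{{" }} {{ string }} {{ "}}" }}
+{%- endmacro %}
+
+groups:
+
+- name: ups.rules
+rules:
+
+- alert: UpsOutputSourceChanged
+expr: upsOutputSource != 3
+for: 0m
+labels:
+severity: critical
+annotations:
+summary: >-
+Source d'alimentation changée
+
+- alert: UpsBatteryStatus
+expr: upsBatteryStatus == 3
+for: 0m
+labels:
+severity: warning
+annotations:
+summary: >-
+État de la batterie faible
+
+- alert: UpsBatteryStatus
+expr: upsBatteryStatus == 4
+for: 0m
+labels:
+severity: critical
+annotations:
+summary: >-
+État de la batterie critique
+
+- alert: UpsHighLoad
+expr: upsOutputPercentLoad > 70
+for: 3m
+labels:
+severity: critical
+annotations:
+summary: >-
+Charge de {{ raw('$value | printf "%.1f"') }}%
+
+- alert: UpsWrongInputVoltage
+expr: (upsInputVoltage < 210) or (upsInputVoltage > 250)
+for: 5m
+labels:
+severity: warning
+annotations:
+summary: >-
+Tension d'entrée de {{ raw('$value') }}V
+
+- alert: UpsWrongOutputVoltage
+expr: >-
+abs(upsInputVoltage - avg_over_time(upsOutputVoltage[1d]))
+< 3 * stddev_over_time(upsOutputVoltage[1d])
+for: 5m
+labels:
+severity: warning
+annotations:
+summary: >-
+Tension de sortie de {{ raw('$value') }}V
+
+- alert: UpsTimeRemaining
+expr: upsEstimatedMinutesRemaining < 8
+for: 0m
+labels:
+severity: warning
+annotations:
+summary: >-
+Autonomie restante de {{ raw('$value') }} min
+
+- alert: UpsTimeRemaining
+expr: upsEstimatedMinutesRemaining < 5
+for: 0m
+labels:
+severity: critical
+annotations:
+summary: >-
+Autonomie restante de {{ raw('$value') }} min
+
+...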
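Review bot: UpsWrongOutputVoltage appears inverted: its expression holds while `upsInputVoltage` stays within three standard deviations of the output average, which is the normal case, and it compares the input voltage against output statistics. If the intent is to flag an output voltage that leaves its daily baseline, the two expression lines would read `abs(upsOutputVoltage - avg_over_time(upsOutputVoltage[1d]))` and `> 3 * stddev_over_time(upsOutputVoltage[1d])`. The summary would then print the deviation rather than the voltage, so "Tension de sortie de …V" needs rewording as well. The rule is moved here unchanged from the old alert file, so this is a convenient place to correct it.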
112
roles/prometheus_federate/files/prometheus
Normal file
112
roles/prometheus_federate/files/prometheus
Normal file
|
@ -0,0 +1,112 @@
|
||||||
|
# Set the command-line arguments to pass to the server.
|
||||||
|
ARGS="--log.level=debug --storage.tsdb.retention.time=120d"
|
||||||
|
|
||||||
|
# Prometheus supports the following options:
|
||||||
|
# --config.file="/etc/prometheus/prometheus.yml"
|
||||||
|
# Prometheus configuration file path.
|
||||||
|
# --web.listen-address="0.0.0.0:9090"
|
||||||
|
# Address to listen on for UI, API, and telemetry.
|
||||||
|
# --web.read-timeout=5m Maximum duration before timing out read of the
|
||||||
|
# request, and closing idle connections.
|
||||||
|
# --web.max-connections=512 Maximum number of simultaneous connections.
|
||||||
|
# --web.external-url=<URL> The URL under which Prometheus is externally
|
||||||
|
# reachable (for example, if Prometheus is served
|
||||||
|
# via a reverse proxy). Used for generating
|
||||||
|
# relative and absolute links back to Prometheus
|
||||||
|
# itself. If the URL has a path portion, it will
|
||||||
|
# be used to prefix all HTTP endpoints served by
|
||||||
|
# Prometheus. If omitted, relevant URL components
|
||||||
|
# will be derived automatically.
|
||||||
|
# --web.route-prefix=<path> Prefix for the internal routes of web endpoints.
|
||||||
|
# Defaults to path of --web.external-url.
|
||||||
|
# --web.local-assets="/usr/share/prometheus/web/"
|
||||||
|
# Path to static asset/templates directory.
|
||||||
|
# --web.user-assets=<path> Path to user asset directory, available at
|
||||||
|
# /user.
|
||||||
|
# --web.enable-lifecycle Enable shutdown and reload via HTTP request.
|
||||||
|
# --web.enable-admin-api Enable API endpoints for admin control actions.
|
||||||
|
# --web.console.templates="/etc/prometheus/consoles"
|
||||||
|
# Path to the console template directory,
|
||||||
|
# available at /consoles.
|
||||||
|
# --web.console.libraries="/etc/prometheus/console_libraries"
|
||||||
|
# Path to the console library directory.
|
||||||
|
# --web.page-title="Prometheus Time Series Collection and Processing Server"
|
||||||
|
# Document title of Prometheus instance.
|
||||||
|
# --web.cors.origin=".*" Regex for CORS origin. It is fully anchored.
|
||||||
|
# Example: 'https?://(domain1|domain2)\.com'
|
||||||
|
# --storage.tsdb.path="/var/lib/prometheus/metrics2/"
|
||||||
|
# Base path for metrics storage.
|
||||||
|
# --storage.tsdb.retention=15d
|
||||||
|
# [DEPRECATED] How long to retain samples in
|
||||||
|
# storage. This flag has been deprecated, use
|
||||||
|
# "storage.tsdb.retention.time" instead
|
||||||
|
# --storage.tsdb.retention.time=15d
|
||||||
|
# How long to retain samples in storage. When this
|
||||||
|
# flag is set it overrides
|
||||||
|
# "storage.tsdb.retention".
|
||||||
|
# If neither this flag nor "storage.tsdb.retention"
|
||||||
|
# nor "storage.tsdb.retention.size" is set, the
|
||||||
|
# retention time defaults to 15d.
|
||||||
|
# Units Supported: y, w, d, h, m, s, ms.
|
||||||
|
# --storage.tsdb.retention.size=
|
||||||
|
# [EXPERIMENTAL] Maximum number of bytes that can
|
||||||
|
# be stored for blocks. Units supported: KB, MB,
|
||||||
|
# GB, TB, PB. This flag is experimental and can be
|
||||||
|
# changed in future releases.
|
||||||
|
# --storage.tsdb.use-lockfile
|
||||||
|
# Create a lockfile in data directory.
|
||||||
|
# --storage.tsdb.allow-overlapping-blocks
|
||||||
|
# [EXPERIMENTAL] Allow overlapping blocks, which
|
||||||
|
# in turn enables vertical compaction and
|
||||||
|
# vertical query merge.
|
||||||
|
# --storage.tsdb.wal-compression
|
||||||
|
# Compress the tsdb WAL.
|
||||||
|
# --storage.remote.flush-deadline=<duration>
|
||||||
|
# How long to wait flushing sample on shutdown or
|
||||||
|
# config reload.
|
||||||
|
# --storage.remote.read-sample-limit=5e7
|
||||||
|
# Maximum overall number of samples to return via
|
||||||
|
# the remote read interface, in a single query. 0
|
||||||
|
# means no limit. This limit is ignored for
|
||||||
|
# streamed response types.
|
||||||
|
# --storage.remote.read-concurrent-limit=10
|
||||||
|
# Maximum number of concurrent remote read calls.
|
||||||
|
# 0 means no limit.
|
||||||
|
# --storage.remote.read-max-bytes-in-frame=1048576
|
||||||
|
# Maximum number of bytes in a single frame for
|
||||||
|
# streaming remote read response types before
|
||||||
|
# marshalling. Note that client might have limit on
|
||||||
|
# frame size as well. 1MB as recommended by
|
||||||
|
# protobuf by default.
|
||||||
|
# --rules.alert.for-outage-tolerance=1h
|
||||||
|
# Max time to tolerate prometheus outage for
|
||||||
|
# restoring "for" state of alert.
|
||||||
|
# --rules.alert.for-grace-period=10m
|
||||||
|
# Minimum duration between alert and restored "for"
|
||||||
|
# state. This is maintained only for alerts with
|
||||||
|
# configured "for" time greater than grace period.
|
||||||
|
# --rules.alert.resend-delay=1m
|
||||||
|
# Minimum amount of time to wait before resending
|
||||||
|
# an alert to Alertmanager.
|
||||||
|
# --alertmanager.notification-queue-capacity=10000
|
||||||
|
# The capacity of the queue for pending
|
||||||
|
# Alertmanager notifications.
|
||||||
|
# --alertmanager.timeout=10s
|
||||||
|
# Timeout for sending alerts to Alertmanager.
|
||||||
|
# --query.lookback-delta=5m The maximum lookback duration for retrieving
|
||||||
|
# metrics during expression evaluations and
|
||||||
|
# federation.
|
||||||
|
# --query.timeout=2m Maximum time a query may take before being
|
||||||
|
# aborted.
|
||||||
|
# --query.max-concurrency=20
|
||||||
|
# Maximum number of queries executed concurrently.
|
||||||
|
# --query.max-samples=50000000
|
||||||
|
# Maximum number of samples a single query can load
|
||||||
|
# into memory. Note that queries will fail if they
|
||||||
|
# try to load more samples than this into memory,
|
||||||
|
# so this also limits the number of samples a query
|
||||||
|
# can return.
|
||||||
|
# --log.level=info Only log messages with the given severity or
|
||||||
|
# above. One of: [debug, info, warn, error]
|
||||||
|
# --log.format=logfmt Output format of log messages. One of: [logfmt,
|
||||||
|
# json]
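Review bot: `ARGS` enables `--log.level=debug` on every federation host, although the task that installs this file is described only as setting the retention time. Debug logging is far more verbose, which inflates the journal and puts more internal detail in front of anyone who can read the logs; unless it is deliberate, `ARGS="--storage.tsdb.retention.time=120d"` keeps the default `info` level. A one-line comment above `ARGS` stating why 120d was chosen would be more useful to the next maintainer than the copied option reference.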
|
|
@ -20,6 +20,15 @@
|
||||||
- alert.rules.yml
|
- alert.rules.yml
|
||||||
notify: Restart Prometheus
|
notify: Restart Prometheus
|
||||||
|
|
||||||
|
- name: Define Prometheus retention time
|
||||||
|
copy:
|
||||||
|
src: files/prometheus
|
||||||
|
dest: /etc/default/prometheus
|
||||||
|
owner: prometheus
|
||||||
|
group: prometheus
|
||||||
|
mode: u=r,g=r,o=
|
||||||
|
notify: Restart Prometheus
|
||||||
|
|
||||||
# We don't need to restart Prometheus when updating nodes
|
# We don't need to restart Prometheus when updating nodes
|
||||||
- name: Configure Prometheus Federate devices
|
- name: Configure Prometheus Federate devices
|
||||||
copy:
|
copy:
|
||||||
|
@ -33,13 +42,4 @@
|
||||||
name: prometheus
|
name: prometheus
|
||||||
enabled: true
|
enabled: true
|
||||||
state: started
|
state: started
|
||||||
|
|
||||||
- include_role:
|
|
||||||
name: update_motd
|
|
||||||
vars:
|
|
||||||
motd_messages:
|
|
||||||
- key: 05-prometheus-federate
|
|
||||||
message: >-
|
|
||||||
Prometheus (en configuration fédération) est déployé sur cette
|
|
||||||
machine (voir /etc/prometheus)
|
|
||||||
...
|
...
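Review bot: The new "Define Prometheus retention time" task installs `/etc/default/prometheus` with `owner: prometheus`, which is presumably the account the daemon runs as; as owner, a compromised Prometheus process could reset the mode bits and rewrite its own start-up arguments. The file only needs to be readable when the service is started, so `owner: root`, `group: root` and `mode: u=rw,g=r,o=r` would be sufficient and keep the command line out of the service account's control. The task name could also mention that the file sets all daemon arguments, not only retention.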
|
||||||
|
|
|
@ -31,11 +31,12 @@ scrape_configs:
|
||||||
params:
|
params:
|
||||||
match[]:
|
match[]:
|
||||||
- '{job="servers"}'
|
- '{job="servers"}'
|
||||||
|
- '{job="postgresql"}'
|
||||||
- '{job="prometheus"}'
|
- '{job="prometheus"}'
|
||||||
- '{job="unifi_snmp"}'
|
- '{job="unifi_snmp"}'
|
||||||
- '{job="django"}'
|
- '{job="django"}'
|
||||||
- '{job="ups_snmp"}'
|
- '{job="ups_snmp"}'
|
||||||
- '{job="django"}'
|
- '{job="apc_pdu_snmp"}'
|
||||||
- '{job="docker"}'
|
- '{job="docker"}'
|
||||||
- '{job="switch_snmp"}'
|
- '{job="switch_snmp"}'
|
||||||
...
|
...
|
||||||
|
|
32
roles/prometheus_node/files/apt.sh
Normal file
32
roles/prometheus_node/files/apt.sh
Normal file
|
@ -0,0 +1,32 @@
|
||||||
|
#!/bin/bash
|
||||||
|
#
|
||||||
|
# Description: Expose metrics from apt updates.
|
||||||
|
#
|
||||||
|
# Author: Ben Kochie <superq@gmail.com>
|
||||||
|
|
||||||
|
upgrades="$(/usr/bin/apt-get --just-print dist-upgrade \
|
||||||
|
| /usr/bin/awk -F'[()]' \
|
||||||
|
'/^Inst/ { sub("^[^ ]+ ", "", $2); gsub(" ","",$2);
|
||||||
|
sub("\\[", " ", $2); sub("\\]", "", $2); print $2 }' \
|
||||||
|
| /usr/bin/sort \
|
||||||
|
| /usr/bin/uniq -c \
|
||||||
|
| awk '{ gsub(/\\\\/, "\\\\", $2); gsub(/\"/, "\\\"", $2);
|
||||||
|
gsub(/\[/, "", $3); gsub(/\]/, "", $3);
|
||||||
|
print "apt_upgrades_pending{origin=\"" $2 "\",arch=\"" $NF "\"} " $1}'
|
||||||
|
)"
|
||||||
|
|
||||||
|
echo '# HELP apt_upgrades_pending Apt package pending updates by origin.'
|
||||||
|
echo '# TYPE apt_upgrades_pending gauge'
|
||||||
|
if [[ -n "${upgrades}" ]] ; then
|
||||||
|
echo "${upgrades}"
|
||||||
|
else
|
||||||
|
echo 'apt_upgrades_pending{origin="",arch=""} 0'
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo '# HELP node_reboot_required Node reboot is required for software updates.'
|
||||||
|
echo '# TYPE node_reboot_required gauge'
|
||||||
|
if [[ -f '/run/reboot-required' ]] ; then
|
||||||
|
echo 'node_reboot_required 1'
|
||||||
|
else
|
||||||
|
echo 'node_reboot_required 0'
|
||||||
|
fi
|
|
@ -0,0 +1,7 @@
|
||||||
|
[Unit]
|
||||||
|
Description=Collect apt metrics for prometheus-node-exporter
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=oneshot
|
||||||
|
Environment=TMPDIR=/var/lib/prometheus/node-exporter
|
||||||
|
ExecStart=/bin/bash -c "/usr/share/prometheus-node-exporter/apt.sh | sponge /var/lib/prometheus/node-exporter/apt.prom"
|
|
@ -0,0 +1,9 @@
|
||||||
|
[Unit]
|
||||||
|
Description=Run apt metrics collection every 15 minutes
|
||||||
|
|
||||||
|
[Timer]
|
||||||
|
OnBootSec=0
|
||||||
|
OnUnitActiveSec=15min
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=timers.target
|
|
@ -23,6 +23,16 @@
|
||||||
when:
|
when:
|
||||||
- ansible_lsb.codename == 'stretch'
|
- ansible_lsb.codename == 'stretch'
|
||||||
|
|
||||||
|
- name: Install Prometheus node-exporter collectors (bullseye)
|
||||||
|
apt:
|
||||||
|
update_cache: true
|
||||||
|
name: prometheus-node-exporter-collectors
|
||||||
|
install_recommends: false
|
||||||
|
register: apt_result
|
||||||
|
retries: 3
|
||||||
|
until: apt_result is succeeded
|
||||||
|
when: ansible_facts['lsb']['codename'] == 'bullseye'
|
||||||
|
|
||||||
- name: Activate prometheus-node-exporter service
|
- name: Activate prometheus-node-exporter service
|
||||||
systemd:
|
systemd:
|
||||||
name: prometheus-node-exporter
|
name: prometheus-node-exporter
|
||||||
|
|
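--- a/roles/prometheus_postgres/handlers/main.yml
+++ b/roles/prometheus_postgres/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: Restart prometheus-postgres-exporter
+service:
+name: prometheus-postgres-exporter
+state: restarted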
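--- a/roles/prometheus_postgres/tasks/main.yml
+++ b/roles/prometheus_postgres/tasks/main.yml
@@ -0,0 +1,39 @@
+---
+- name: Install Prometheus postgres-exporter
+apt:
+update_cache: true
+name: prometheus-postgres-exporter
+register: apt_result
+retries: 3
+until: apt_result is succeeded
+
+- name: Make Prometheus postgres-exporter connect to databases using peercred
+lineinfile:
+path: /etc/default/prometheus-postgres-exporter
+regexp: '^DATA_SOURCE_NAME='
+line: |
+DATA_SOURCE_NAME="user=postgres host=/var/run/postgresql/ sslmode=disable"
+notify: Restart prometheus-postgres-exporter
+
+- name: Make Prometheus postgres-exporter launched by postgres user
+lineinfile:
+path: /lib/systemd/system/prometheus-postgres-exporter.service
+regexp: '^User='
+line: |
+User=postgres
+notify: Restart prometheus-postgres-exporter
+
+- name: Make Prometheus postgres-exporter listen on adm only
+lineinfile:
+path: /etc/default/prometheus-postgres-exporter
+regexp: '^ARGS='
+line: |
+ARGS="--web.listen-address={{ ansible_hostname }}.adm.auro.re:9187"
+notify: Restart prometheus-postgres-exporter
+
+- name: Activate prometheus-postgres-exporter service
+systemd:
+name: prometheus-postgres-exporter
+enabled: true
+daemon_reload: true
+state: started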
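Review bot: The exporter is set to run as the `postgres` system user and to connect as the `postgres` role, the database superuser, so a flaw in this network-facing daemon (it listens on port 9187) would expose every database on the host with full privileges. A dedicated login role that is only a member of `pg_monitor` is enough for metrics collection, e.g. `DATA_SOURCE_NAME="user=<monitoring-role> host=/var/run/postgresql/ sslmode=disable"` with a matching unprivileged system user for peer authentication. The `User=` task also edits the packaged unit under `/lib/systemd/system`, which a package upgrade will overwrite; a drop-in under `/etc/systemd/system/prometheus-postgres-exporter.service.d/` would persist.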
@ -129,7 +129,7 @@
|
||||||
name:
|
name:
|
||||||
- postgresql
|
- postgresql
|
||||||
- postgresql-client-11=11.7-0+deb10u1
|
- postgresql-client-11=11.7-0+deb10u1
|
||||||
force: yes
|
force: true
|
||||||
|
|
||||||
- name: Install postgresql ansible module requirement(s)
|
- name: Install postgresql ansible module requirement(s)
|
||||||
pip:
|
pip:
|
||||||
|
|
|
@ -41,7 +41,7 @@ AES_KEY = "{{ re2o_aes_key }}"
|
||||||
DEBUG = False
|
DEBUG = False
|
||||||
|
|
||||||
# A list of admins of the services. Receive mails when an error occurs
|
# A list of admins of the services. Receive mails when an error occurs
|
||||||
ADMINS = [('AURORE', 'monitoring.aurore@lists.crans.org'), ('Gabriel Detraz', 'detraz@crans.org')]
|
ADMINS = [('AURORE', 'monitoring.aurore@lists.crans.org'),]
|
||||||
|
|
||||||
# The list of hostname the server will respond to.
|
# The list of hostname the server will respond to.
|
||||||
ALLOWED_HOSTS = ['{{ inventory_hostname }}']
|
ALLOWED_HOSTS = ['{{ inventory_hostname }}']
|
||||||
|
|
|
@ -39,13 +39,4 @@
|
||||||
owner: "{{ service_user }}"
|
owner: "{{ service_user }}"
|
||||||
group: nogroup
|
group: nogroup
|
||||||
state: link
|
state: link
|
||||||
|
|
||||||
- include_role:
|
|
||||||
name: update_motd
|
|
||||||
vars:
|
|
||||||
motd_messages:
|
|
||||||
- key: "15-re2o-service-{{ service_name }}"
|
|
||||||
message: >-
|
|
||||||
Le service re2o {{ service_name }} est dans
|
|
||||||
{{ service_homedir }}/{{ service_name }}.
|
|
||||||
...
|
...
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
---
|
---
|
||||||
rsyslog_outputs: []
|
rsyslog_outputs: []
|
||||||
|
rsyslog_high_density: false
|
||||||
...
|
...
|
||||||
|
|
|
@ -1,12 +1,10 @@
|
||||||
---
|
---
|
||||||
- name: Install rsyslog
|
- name: Install rsyslog
|
||||||
become: true
|
|
||||||
apt:
|
apt:
|
||||||
name: rsyslog
|
name: rsyslog
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
- name: Install rsyslog modules if needed
|
- name: Install rsyslog modules if needed
|
||||||
become: true
|
|
||||||
apt:
|
apt:
|
||||||
name: "{{ item.pkg }}"
|
name: "{{ item.pkg }}"
|
||||||
state: present
|
state: present
|
||||||
|
@ -18,7 +16,6 @@
|
||||||
pkg: rsyslog-hiredis
|
pkg: rsyslog-hiredis
|
||||||
|
|
||||||
- name: Deploy main rsyslog configuration
|
- name: Deploy main rsyslog configuration
|
||||||
become: true
|
|
||||||
template:
|
template:
|
||||||
src: "{{ item.src }}"
|
src: "{{ item.src }}"
|
||||||
dest: "{{ item.dest }}"
|
dest: "{{ item.dest }}"
|
||||||
|
@ -33,7 +30,6 @@
|
||||||
notify: Restart rsyslog
|
notify: Restart rsyslog
|
||||||
|
|
||||||
- name: Create journald.conf.d directory
|
- name: Create journald.conf.d directory
|
||||||
become: true
|
|
||||||
file:
|
file:
|
||||||
path: /etc/systemd/journald.conf.d
|
path: /etc/systemd/journald.conf.d
|
||||||
state: directory
|
state: directory
|
||||||
|
@ -42,7 +38,6 @@
|
||||||
mode: u=rwx,g=rx,o=rx
|
mode: u=rwx,g=rx,o=rx
|
||||||
|
|
||||||
- name: Deploy journald configuration
|
- name: Deploy journald configuration
|
||||||
become: true
|
|
||||||
template:
|
template:
|
||||||
src: forward-syslog.conf.j2
|
src: forward-syslog.conf.j2
|
||||||
dest: /etc/systemd/journald.conf.d/forward-syslog.conf
|
dest: /etc/systemd/journald.conf.d/forward-syslog.conf
|
||||||
|
@ -52,7 +47,6 @@
|
||||||
notify: Restart systemd-journald
|
notify: Restart systemd-journald
|
||||||
|
|
||||||
- name: Deploy logrotate configuration
|
- name: Deploy logrotate configuration
|
||||||
become: true
|
|
||||||
template:
|
template:
|
||||||
src: logrotate.j2
|
src: logrotate.j2
|
||||||
dest: /etc/logrotate.d/rsyslog
|
dest: /etc/logrotate.d/rsyslog
|
||||||
|
@ -62,7 +56,6 @@
|
||||||
notify: Reload logrotate
|
notify: Reload logrotate
|
||||||
|
|
||||||
- name: Enable rsyslog service
|
- name: Enable rsyslog service
|
||||||
become: true
|
|
||||||
systemd:
|
systemd:
|
||||||
name: rsyslog.service
|
name: rsyslog.service
|
||||||
state: started
|
state: started
|
||||||
|
|
|
@ -91,6 +91,28 @@ ruleset(name="sendLogsToRemote") {
|
||||||
port="{{ output.port }}"
|
port="{{ output.port }}"
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
queue.type="LinkedList"
|
||||||
|
queue.spoolDirectory="/var/spool/rsyslog"
|
||||||
|
queue.fileName="queue_{{ loop.index }}"
|
||||||
|
queue.saveOnShutdown="on"
|
||||||
|
|
||||||
|
{% if rsyslog_high_density %}
|
||||||
|
queue.highWatermark="20000"
|
||||||
|
queue.lowWatermark="5000"
|
||||||
|
queue.checkpointInterval="10000"
|
||||||
|
queue.maxDiskSpace="4g"
|
||||||
|
{% else %}
|
||||||
|
queue.highWatermark="500"
|
||||||
|
queue.lowWatermark="100"
|
||||||
|
queue.checkpointInterval="200"
|
||||||
|
queue.syncqueuefiles="on"
|
||||||
|
queue.maxDiskSpace="500m"
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
action.resumeRetryCount="-1"
|
||||||
|
action.reportSuspension="on"
|
||||||
|
action.reportSuspensionContinuation="on"
|
||||||
|
|
||||||
{% if loop.index > 1 and output.fallback %}
|
{% if loop.index > 1 and output.fallback %}
|
||||||
action.execOnlyWhenPreviousIsSuspended="on"
|
action.execOnlyWhenPreviousIsSuspended="on"
|
||||||
{% endif %}
|
{% endif %}
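Review bot: The queue parameters are added to every output in the loop, including an output that is followed by one carrying `action.execOnlyWhenPreviousIsSuspended="on"`, and that may keep the fallback from ever firing. As far as I know, an rsyslog action with its own queue accepts a message as soon as it is enqueued, so the ruleset does not see that action as suspended while the queue absorbs the outage; with `action.resumeRetryCount="-1"` this lasts until `queue.maxDiskSpace` is reached, after which messages are dropped. It is worth testing with the first remote unreachable and, if the fallback stays idle, recording it in the template, e.g. `{# NOTE: with a per-action queue the fallback output may never run; confirm by test #}`. The `action(...)` block opens above this hunk, so its module and target lines are not visible here.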
|
||||||
|
|
|
@ -39,12 +39,4 @@
|
||||||
register: apt_result
|
register: apt_result
|
||||||
retries: 3
|
retries: 3
|
||||||
until: apt_result is succeeded
|
until: apt_result is succeeded
|
||||||
|
|
||||||
- include_role:
|
|
||||||
name: update_motd
|
|
||||||
vars:
|
|
||||||
motd_messages:
|
|
||||||
- key: 10-unifi-controller
|
|
||||||
message: >-
|
|
||||||
Le contrôleur Unifi a été installé sur ce serveur.
|
|
||||||
...
|
...
|
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
---
|
---
|
||||||
- name: Ensure update-motd.d exists
|
- name: Ensure update-motd.d exists
|
||||||
become: true
|
|
||||||
file:
|
file:
|
||||||
path: /etc/update-motd.d
|
path: /etc/update-motd.d
|
||||||
state: directory
|
state: directory
|
||||||
|
@ -9,7 +8,6 @@
|
||||||
group: root
|
group: root
|
||||||
|
|
||||||
- name: Customize motd
|
- name: Customize motd
|
||||||
become: true
|
|
||||||
template:
|
template:
|
||||||
src: "{{ item }}"
|
src: "{{ item }}"
|
||||||
dest: "/etc/update-motd.d/{{ item }}"
|
dest: "/etc/update-motd.d/{{ item }}"
|
||||||
|
@ -22,15 +20,19 @@
|
||||||
- 20-uname
|
- 20-uname
|
||||||
notify: Remove cached motd
|
notify: Remove cached motd
|
||||||
|
|
||||||
|
- name: Remove Debian uname motd
|
||||||
|
file:
|
||||||
|
path: /etc/update-motd.d/10-uname
|
||||||
|
state: absent
|
||||||
|
notify: Remove cached motd
|
||||||
|
|
||||||
- name: Remove Debian warranty motd
|
- name: Remove Debian warranty motd
|
||||||
become: true
|
|
||||||
file:
|
file:
|
||||||
path: /etc/motd
|
path: /etc/motd
|
||||||
state: absent
|
state: absent
|
||||||
notify: Remove cached motd
|
notify: Remove cached motd
|
||||||
|
|
||||||
- name: Ensure motd-messages exists
|
- name: Ensure motd-messages exists
|
||||||
become: true
|
|
||||||
file:
|
file:
|
||||||
path: /etc/motd-messages
|
path: /etc/motd-messages
|
||||||
state: directory
|
state: directory
|
||||||
|
@ -40,14 +42,13 @@
|
||||||
notify: Remove cached motd
|
notify: Remove cached motd
|
||||||
|
|
||||||
- name: Install additional motd messages
|
- name: Install additional motd messages
|
||||||
become: true
|
|
||||||
copy:
|
copy:
|
||||||
content: "✨ {{ item.message }}\n"
|
content: "✨ {{ item.value }}\n"
|
||||||
dest: "/etc/motd-messages/{{ item.key }}"
|
dest: "/etc/motd-messages/{{ item.key }}"
|
||||||
mode: u=rwx,g=rx,o=rx
|
mode: u=rw,g=r,o=r
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
loop: "{{ motd_messages }}"
|
loop: "{{ update_motd | dict2items }}"
|
||||||
notify: Remove cached motd
|
notify: Remove cached motd
|
||||||
when: motd_messages is defined
|
when: update_motd is defined
|
||||||
...
|
...
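Review bot: In the `Install additional motd messages` task the file name now comes straight from the keys of the `update_motd` dictionary, and `dest: "/etc/motd-messages/{{ item.key }}"` creates a root-owned file without constraining that key. The keys come from inventory variables, so this is hardening rather than an exposed input, but a key containing `/` would place the file outside `/etc/motd-messages`; `dest: "/etc/motd-messages/{{ item.key | basename }}"` keeps it inside. The new variable shape is also undocumented: a comment such as `# update_motd: mapping of file name -> one-line message` above the task would help the roles that used to pass `motd_messages`.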
|
||||||
|
|
|
@ -1,17 +0,0 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
|
||||||
---
|
|
||||||
# This is a special playbook to upgrade sudo everywhere after the
|
|
||||||
# CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit)
|
|
||||||
# Please always use with --limit myserver.adm.auro.re
|
|
||||||
# And list updates with --check
|
|
||||||
- hosts: all
|
|
||||||
tasks:
|
|
||||||
- name: Upgrade sudo
|
|
||||||
apt:
|
|
||||||
name: sudo
|
|
||||||
state: latest
|
|
||||||
update_cache: true
|
|
||||||
cache_valid_time: 3600 # one hour
|
|
||||||
register: apt_result
|
|
||||||
retries: 3
|
|
||||||
until: apt_result is succeeded
|
|