Simplify monitoring playbook

monitoring.yml

@@ -4,27 +4,35 @@
 - hosts: fyre.adm.crans.org
   vars:
     # Prometheus targets.json
-    prometheus_targets:
+    prometheus:
-      - targets: "{{ groups['server'] | list | sort }}"
+      node_targets: "{{ groups['server'] | list | sort }}"
-    prometheus_ups_snmp_targets:
+      ups_snmp_targets: [pulsar.adm.crans.org]
-      - targets: [pulsar.adm.crans.org]
+      unifi_snmp_targets: "{{ groups['crans_unifi'] | list | sort }}"
-    prometheus_unifi_snmp_targets:
+      blackbox_targets:
-      - targets: "{{ groups['crans_unifi'] | list | sort }}"
+        - https://crans.org
-    prometheus_blackbox_targets:
+        - https://www.crans.org
-      - targets:
+        - https://grafana.crans.org
-          - https://crans.org
+        - https://wiki.crans.org
-          - https://www.crans.org
+        - https://pad.crans.org
-          - https://grafana.crans.org
+      apache_targets: [zamok.adm.crans.org]
-          - https://wiki.crans.org
+
-          - https://pad.crans.org
-    prometheus_apache_targets:
-      - targets: [zamok.adm.crans.org]
     snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
+
+    grafana:
+      root_url: https://grafana.crans.org
+      ldap_bind_dn: "cn=grafana,ou=service-users,{{ ldap_base }}"
+      ldap_passwd: "{{ vault_ldap_grafana_passwd }}"
+
+    ldap_base: 'dc=crans,dc=org'
+    ldap_master_ipv4: '10.231.136.19'
+    ldap_user_tree: "cn=Utilisateurs,{{ ldap_base }}"
   roles:
     - prometheus
     - prometheus-alertmanager
     - prometheus-snmp-exporter
     - prometheus-blackbox-exporter
+    - ninjabot
+    - grafana
 
 # Monitor all hosts
 - hosts: server,test_vm
@@ -42,23 +50,6 @@
   roles:
     - smartd-hp-smartarray
 
-# Deploy grafana
-- hosts: fyre.adm.crans.org
-  vars:
-    grafana_root_url: https://grafana.crans.org
-    ldap_base: 'dc=crans,dc=org'
-    ldap_master_ipv4: '10.231.136.19'
-    ldap_user_tree: "cn=Utilisateurs,{{ ldap_base }}"
-    ldap_grafana_bind_dn: "cn=grafana,ou=service-users,{{ ldap_base }}"
-    ldap_grafana_passwd: "{{ vault_ldap_grafana_passwd }}"
-  roles:
-    - grafana
-
-# Deploy NinjaBot
-- hosts: fyre.adm.crans.org
-  roles:
-    - ninjabot
-
 # Monitor mailq with a special text exporter
 - hosts: redisdead.adm.crans.org
   roles:

roles/grafana/tasks/main.yml

@@ -43,7 +43,7 @@
   loop:
     - section: server
       option: root_url
-      value: "{{ grafana_root_url }}"
+      value: "{{ grafana.root_url }}"
     - section: session  # This will break with HTTPS
       option: cookie_secure
       value: "true"

roles/grafana/templates/ldap.toml.j2

@@ -21,10 +21,10 @@ ssl_skip_verify = false
 # client_key = "/path/to/client.key"
 
 # Search user bind dn
-bind_dn = "{{ ldap_grafana_bind_dn }}"
+bind_dn = "{{ grafana.ldap_bind_dn }}"
 # Search user bind password
 # If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
-bind_password = '{{ ldap_grafana_passwd }}'
+bind_password = '{{ grafana.ldap_passwd }}'
 
 # User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
 search_filter = "(cn=%s)"

roles/prometheus/tasks/main.yml

@@ -25,31 +25,31 @@
 # We don't need to restart Prometheus when updating nodes
 - name: Configure Prometheus nodes
   copy:
-    content: "{{ prometheus_targets | to_nice_json }}"
+    content: "{{ [{'targets': prometheus.node_targets}] | to_nice_json }}"
     dest: /etc/prometheus/targets.json
 
 # We don't need to restart Prometheus when updating nodes
 - name: Configure Prometheus UPS SNMP devices
   copy:
-    content: "{{ prometheus_ups_snmp_targets | to_nice_json }}"
+    content: "{{ [{'targets': prometheus.ups_snmp_targets}] | to_nice_json }}"
     dest: /etc/prometheus/targets_ups_snmp.json
 
 # We don't need to restart Prometheus when updating nodes
 - name: Configure Prometheus Ubiquity Unifi SNMP devices
   copy:
-    content: "{{ prometheus_unifi_snmp_targets | to_nice_json }}"
+    content: "{{ [{'targets': prometheus.unifi_snmp_targets}] | to_nice_json }}"
     dest: /etc/prometheus/targets_unifi_snmp.json
 
 # We don't need to restart Prometheus when updating nodes
 - name: Configure Prometheus Apache targets
   copy:
-    content: "{{ prometheus_apache_targets | to_nice_json }}"
+    content: "{{ [{'targets': prometheus.apache_targets}] | to_nice_json }}"
     dest: /etc/prometheus/targets_apache.json
 
 # We don't need to restart Prometheus when updating nodes
 - name: Configure Prometheus Blackbox targets
   copy:
-    content: "{{ prometheus_blackbox_targets | to_nice_json }}"
+    content: "{{ [{'targets': prometheus.blackbox_targets}] | to_nice_json }}"
     dest: /etc/prometheus/targets_blackbox.json
 
 - name: Activate prometheus service