Merge branch 'moreblackbox' into 'newinfra'

Monitor all websites

See merge request nounous/ansible!178
certbot_on_virtu
erdnaxe 2021-01-06 15:03:46 +01:00
commit d649aa6360
2 changed files with 32 additions and 44 deletions


@ -11,11 +11,28 @@
# - quasar.adm.crans.org # 4J
unifi_snmp_targets: "{{ groups['crans_unifi'] | list | sort }}"
blackbox_targets:
- https://crans.org
- https://www.crans.org
- https://grafana.crans.org
- https://wiki.crans.org
- https://pad.crans.org
- https://crans.org/
- https://www.crans.org/
- https://webirc.crans.org/
- https://jitsi.crans.org/
- https://ftps.crans.org/
- http://ftp.crans.org/
- https://grafana.crans.org/
- https://roundcube.crans.org/
- https://zero.crans.org/
- https://wiki.crans.org/PageAccueil
- https://framadate.crans.org/
- https://pad.crans.org/
- https://lists.crans.org/
- https://cas.crans.org/
- https://ethercalc.crans.org/
- https://phabricator.crans.org/
- https://webmail.crans.org/horde/login.php
- https://gitlab.crans.org/
- https://perso.crans.org/crans/
- https://install-party.crans.org/
- https://intranet.crans.org/
- https://owncloud.crans.org/
nginx_targets:
- hodaur.adm.crans.org
- charybde.adm.crans.org
@ -26,10 +43,9 @@
grafana:
root_url: https://grafana.crans.org
icon: crans_icon_white.svg
ldap_base: 'dc=crans,dc=org'
ldap_master_ipv4: '172.16.10.1'
ldap_user_tree: "ou=passwd,{{ ldap_base }}"
ldap_base: "{{ glob_ldap.base }}"
ldap_master_ipv4: "{{ glob_ldap.servers[0] }}"
ldap_user_tree: "ou=passwd,{{ glob_ldap.base }}"
roles:
- prometheus
- prometheus-alertmanager
@ -38,30 +54,6 @@
- ninjabot
- grafana
# Deploy backup Prometheus on backup server
#- hosts: odlyd.adm.crans.org
# vars:
# # only critical infra
# prometheus:
# node_targets:
# - odlyd.adm.crans.org # me, myself and I
# - zamok.adm.crans.org # parce que WeeChat c'est critique
# - thot.adm.crans.org # la bdd adh est critique... enfin a skip
# - zbee.adm.crans.org # zbeu! la bay!
# - stitch.adm.crans.org # last hope virtu
# - redisdead.adm.crans.org # Postmen... youtu.be/vEkY6W-fEZQ?t=132
# ups_snmp_targets:
# - pulsar.adm.crans.org # 0B
# - quasar.adm.crans.org # 4J
#
# snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
# roles:
# - prometheus
# - prometheus-alertmanager
# - prometheus-snmp-exporter
# - ninjabot
# Monitor all hosts
- hosts: server
vars:
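Review bot: In the `grafana:` vars, `ldap_master_ipv4` is now filled from `glob_ldap.servers[0]`, so the name no longer guarantees an IPv4 literal and only the first entry of the list is ever used. The definition of `glob_ldap` is not visible on this page; if its entries can be hostnames or the list holds several servers, a neutral name and the full list would be clearer, e.g. `ldap_servers: "{{ glob_ldap.servers | join(' ') }}"`, since the Grafana template's own comment says the host field accepts several space-separated hosts. In `blackbox_targets`, `http://ftp.crans.org/` is the only plain-HTTP entry; if that is intended, a comment such as `# served over plain HTTP on purpose` would show the next reader it is not a typo.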


@ -5,7 +5,7 @@
[[servers]]
# Ldap server host (specify multiple hosts space separated)
host = "{{ ldap_master_ipv4 }}"
host = "{{ grafana.ldap_master_ipv4 }}"
# Default port is 389 or 636 if use_ssl = true
port = 636
# Set to true if ldap server supports TLS
@ -20,22 +20,18 @@ ssl_skip_verify = true
# client_cert = "/path/to/client.crt"
# client_key = "/path/to/client.key"
# Search user bind dn
bind_dn = "uid=%s,{{ ldap_user_tree }}"
# Search user bind password
# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
#bind_password = ''
# Use direct bind
bind_dn = "uid=%s,{{ grafana.ldap_user_tree }}"
# User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
# Useless as we are doing direct bind,
# but without LDAP auth hang
search_filter = "(uid=%s)"
# An array of base dns to search through
search_base_dns = ["{{ ldap_user_tree }}"]
search_base_dns = ["ou=passwd,dc=crans,dc=org"]
## For Posix or LDAP setups that does not support member_of attribute you can define the below settings
## Please check grafana LDAP docs for examples
group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"
group_search_base_dns = ["ou=group,{{ ldap_base }}"]
group_search_base_dns = ["ou=group,{{ grafana.ldap_base }}"]
group_search_filter_user_attribute = "cn"
# Specify names of the ldap attributes your ldap uses
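Review bot: `search_base_dns = ["ou=passwd,dc=crans,dc=org"]` appears to be the new value (the rendered page has lost its +/- markers, so this is inferred from print order and the addition/deletion counts), and it hard-codes the DN while `bind_dn` and `group_search_base_dns` in the same hunk are templated from `grafana.*`. If `glob_ldap.base` ever changes, the bind DN and the search base would silently disagree; `search_base_dns = ["{{ grafana.ldap_user_tree }}"]` keeps them in step. Separately, the hunk header shows `ssl_skip_verify = true` above this block: with direct bind, each user's password is sent to a server whose certificate is not checked, so it is worth confirming that setting is still required now that the host is taken from `glob_ldap.servers[0]`. The `[[servers]]` block starts and ends outside the visible hunks.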