#!/usr/bin/env ansible-playbook
---
# Deploy Prometheus and Grafana on monitoring server
- hosts: monitoring.adm.crans.org
  vars:
    # Prometheus targets.json
    prometheus:
      node_targets: "{{ groups['server'] | list | sort }}"
      ups_snmp_targets: []
      #  - pulsar.adm.crans.org  # 0B
      #  - quasar.adm.crans.org  # 4J
      unifi_snmp_targets: []  # "{{ groups['crans_unifi'] | list | sort }}"
      blackbox_targets:
        - https://crans.org
        - https://www.crans.org
        - https://grafana.crans.org
        - https://wiki.crans.org
        - https://pad.crans.org
      nginx_targets:
        - hodaur.adm.crans.org
        - charybde.adm.crans.org
      apache_targets: []  # [zamok.adm.crans.org]

    snmp_unifi_password: "{{ vault_snmp_unifi_password }}"

    grafana:
      root_url: https://grafana.crans.org
      ldap_bind_dn: "cn=grafana,ou=service-users,{{ ldap_base }}"
      ldap_passwd: "{{ vault_ldap_grafana_passwd }}"

    ldap_base: 'dc=crans,dc=org'
    ldap_master_ipv4: '172.16.10.1'
    ldap_user_tree: "ou=users,{{ ldap_base }}"
  roles:
    - prometheus
    - prometheus-alertmanager
    #- prometheus-snmp-exporter
    - prometheus-blackbox-exporter
    - ninjabot
    - grafana

# Deploy backup Prometheus on backup server
#- hosts: odlyd.adm.crans.org
#  vars:
#    # only critical infra
#    prometheus:
#      node_targets:
#        - odlyd.adm.crans.org  # me, myself and I
#        - zamok.adm.crans.org  # parce que WeeChat c'est critique
#        - thot.adm.crans.org  # la bdd adh est critique... enfin a skip
#        - zbee.adm.crans.org  # zbeu! la bay!
#        - stitch.adm.crans.org  # last hope virtu
#        - redisdead.adm.crans.org  # Postmen... youtu.be/vEkY6W-fEZQ?t=132
#      ups_snmp_targets:
#        - pulsar.adm.crans.org  # 0B
#        - quasar.adm.crans.org  # 4J
#
#    snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
#  roles:
#    - prometheus
#    - prometheus-alertmanager
#    - prometheus-snmp-exporter
#    - ninjabot


# Monitor all hosts
- hosts: server,test_vm
  vars:
    adm_ipv4: "{{ query('ldap', 'ip', ansible_hostname, 'adm') | ipv4 | first }}"
  roles: ["prometheus-node-exporter"]

# Export nginx metrics
- hosts: charybde.adm.crans.org,hodaur.adm.crans.org
  vars:
    adm_ipv4: "{{ query('ldap', 'ip', ansible_hostname, 'adm') | ipv4 | first }}"
  roles: ["prometheus-nginx-exporter"]

# Export apache metrics
#- hosts: zamok.adm.crans.org
#  vars:
#    adm_ipv4: "{{ ansible_all_ipv4_addresses | ipaddr(adm_subnet) | first }}"
#  roles: ["prometheus-apache-exporter"]

# Monitor mailq with a special text exporter
#- hosts: redisdead.adm.crans.org
#  roles: ["prometheus-node-exporter-postfix"]

# Monitor logs with mtail
#- hosts: thot.adm.crans.org
#  roles: ["mtail"]