ansible/plays/monitoring.yml

#!/usr/bin/env ansible-playbook
---
# Deploy Prometheus and Grafana on monitoring server
- hosts: monitoring.adm.crans.org
  vars:
    # Prometheus targets.json
    prometheus:
      node_targets: "{{ groups['server'] | list | sort }}"
      ups_snmp_targets:
        - pulsar.adm.crans.org  # 0B
        - quasar.adm.crans.org  # 4J
      unifi_snmp_targets: "{{ groups['crans_unifi'] | list | sort }}"
      blackbox_targets:
        - https://crans.org
        - https://www.crans.org
        - https://grafana.crans.org
        - https://wiki.crans.org
        - https://pad.crans.org
      apache_targets: [zamok.adm.crans.org]

    snmp_unifi_password: "{{ vault_snmp_unifi_password }}"

    grafana:
      root_url: https://grafana.crans.org
      ldap_bind_dn: "cn=grafana,ou=service-users,{{ ldap_base }}"
      ldap_passwd: "{{ vault_ldap_grafana_passwd }}"

    ldap_base: 'dc=crans,dc=org'
    ldap_master_ipv4: '10.231.136.19'
    ldap_user_tree: "cn=Utilisateurs,{{ ldap_base }}"
  roles:
    - prometheus
    - prometheus-alertmanager
    - prometheus-snmp-exporter
    - prometheus-blackbox-exporter
    - ninjabot
    - grafana

# Deploy backup Prometheus on backup server
- hosts: odlyd.adm.crans.org
  vars:
    # only critical infra
    prometheus:
      node_targets:
        - odlyd.adm.crans.org  # me, myself and I
        - zamok.adm.crans.org  # parce que WeeChat c'est critique
        - thot.adm.crans.org  # la bdd adh est critique... enfin a skip
        - zbee.adm.crans.org  # zbeu! la bay!
        - stitch.adm.crans.org  # last hope virtu
        - redisdead.adm.crans.org  # Postmen... youtu.be/vEkY6W-fEZQ?t=132
      ups_snmp_targets:
        - pulsar.adm.crans.org  # 0B
        - quasar.adm.crans.org  # 4J

    snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
  roles:
    - prometheus
    - prometheus-alertmanager
    - prometheus-snmp-exporter
    - ninjabot


# Monitor all hosts
- hosts: server,test_vm
  vars:
    adm_ipv4: "{{ ansible_all_ipv4_addresses | ipaddr(adm_subnet) | first }}"
  roles: ["prometheus-node-exporter"]

# Export apache metrics
- hosts: zamok.adm.crans.org
  vars:
    adm_ipv4: "{{ ansible_all_ipv4_addresses | ipaddr(adm_subnet) | first }}"
  roles: ["prometheus-apache-exporter"]

# Monitor mailq with a special text exporter
- hosts: redisdead.adm.crans.org
  roles: ["prometheus-node-exporter-postfix"]

# Monitor logs with mtail
- hosts: thot.adm.crans.org
  roles: ["mtail"]