diff --git a/inventories/group_vars/monitoring.yml b/inventories/group_vars/monitoring.yml
deleted file mode 100644
index d6669be..0000000
--- a/inventories/group_vars/monitoring.yml
+++ /dev/null
@@ -1,41 +0,0 @@
-alertmanager_smtp:
- from: ahoy@pirateparty.be
- smarthost: mail.infomaniak.ch:587
- auth_username: ahoy@pirateparty.be
- auth_password: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 61643536623562333434653364623535633331653539356132653863313965313030333163313637
- 6161333463653839383265323937376630336134633531650a313132326536346530353764656465
- 63323737643034353532333363303363616261363335333365663133626537653961323133626433
- 6566656236383864610a323262393562663836343162326131336630363939356333313934326436
- 6261
-
-alertmanager_route:
- receiver: 'default-receiver'
- group_wait: 30s
- group_interval: 5m
- repeat_interval: 3h
-
-alertmanager_receivers:
-- name: default-receiver
- email_configs:
- - to: hadrien@pirateparty.be
-
-alertmanager_password: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 63313035633034643636326230383162666666626539623934303631366236656432616238356362
- 6665626364643666343737623532616133303539356133300a396530643865323334313564363762
- 31646562306232356437636537383732626664663166656331303630303537383064663565323235
- 3962313936613039320a656337356131363636643366393233613462313361323639373363643134
- 32383436313035323032656266376664383166633631663438316165313930373937636436633962
- 6131336262343531643264346362343433373165386266323439
-prometheus_password: "{{ alertmanager_password }}"
-grafana_admin_user: ppbe
-grafana_admin_password: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 39626461326636633230343536613564643537376464336537353661636638303238303966383030
- 3133663938623334396435333761306265373064353462610a356531326130396566386638653533
- 36323833663030663466356538353237376137313135656534383439613935623234373065376530
- 3864366438626135300a333664313339343964306538343366306639393631666366323537313734
- 36613731626439646537653565646436323839383930363131653431306431396638613665616464
- 3435313137313964636139366439336365663564326639303234
diff --git a/inventories/group_vars/monitoring/main.yml b/inventories/group_vars/monitoring/main.yml new file mode 100644 index 0000000..50ab325 --- /dev/null +++ b/inventories/group_vars/monitoring/main.yml @@ -0,0 +1,25 @@ +alertmanager_version: latest +alertmanager_smtp: + from: ahoy@pirateparty.be + smarthost: mail.infomaniak.ch:587 + auth_username: ahoy@pirateparty.be + auth_password: "{{ alertmanager_smtp_password }}" + + +alertmanager_route: + receiver: 'default-receiver' + group_wait: 30s + group_interval: 5m + repeat_interval: 3h + +alertmanager_receivers: +- name: default-receiver + email_configs: + - to: hadrien@pirateparty.be + +alertmanager_password: "{{ vault_alertmanager_password }}" + +prometheus_version: latest +prometheus_password: "{{ vault_prometheus_password }}" +grafana_admin_user: ppbe +grafana_admin_password: "{{ vault_grafana_admin_password }}" diff --git a/inventories/group_vars/monitoring/vault.yml b/inventories/group_vars/monitoring/vault.yml new file mode 100644 index 0000000..a743ce7 --- /dev/null +++ b/inventories/group_vars/monitoring/vault.yml @@ -0,0 +1,18 @@ +$ANSIBLE_VAULT;1.1;AES256 +64386162616536616639393038343039393964633039346536373438366131633933303264323262 +3137373938333666373862323336343730633834333039630a356633303566303537653265343938 +63333630666164636636316265326137633262353136663037666237356264396362363739386362 +6266373931663864640a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diff --git a/inventories/group_vars/mumble.yml b/inventories/group_vars/mumble/main.yml similarity index 93% rename from inventories/group_vars/mumble.yml rename to inventories/group_vars/mumble/main.yml index 679c6c3..1515862 100644 --- a/inventories/group_vars/mumble.yml +++ b/inventories/group_vars/mumble/main.yml @@ -1,3 +1,6 @@ +murmur_port: 64730 +murmur_superuser_password: "{{ vault_murmur_superuser_password }}" + umurmur_version: 0.2.17 umurmur_domain: mumble.parley.be 
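Review bot: `auth_password: "{{ alertmanager_smtp_password }}"` is the only secret reference in this file without the `vault_` prefix that `vault_alertmanager_password`, `vault_prometheus_password` and `vault_grafana_admin_password` use; the matching vault.yml is encrypted here, so I cannot confirm which name it defines, but if it follows the `vault_` convention this template will fail on an undefined variable the first time alertmanager is configured. Please either align it, `auth_password: "{{ vault_alertmanager_smtp_password }}"`, or confirm the vault defines the unprefixed name. Separately, `alertmanager_version: latest` and `prometheus_version: latest` make every run potentially deploy a different binary; pinning a release keeps upgrades deliberate and reviewable.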
@@ -5,7 +8,7 @@ umurmur_welcome_text: - Welcome to Parley Talk! - You can talk to the people in the room you joined. - You start in the Welcome room, to join another channel double click on the room name. -umurmur_admin_password: wC7yZ4vV2ocb7AkBfQ2RwuhRqYVyiwY42Rjpw3pfJ +umurmur_admin_password: "{{ vault_umurmur_admin_password }}" umurmur_max_users: 100 umurmur_channels: diff --git a/inventories/group_vars/mumble/vault.yml b/inventories/group_vars/mumble/vault.yml new file mode 100644 index 0000000..0f70684 --- /dev/null +++ b/inventories/group_vars/mumble/vault.yml @@ -0,0 +1,13 @@ +$ANSIBLE_VAULT;1.1;AES256 +39653565313333643836363062656363333232313166303331656135633830323633366236313438 +6663616535626237326566636331356564373936356465310a323638646333623731366530316630 +30653662666239336465366466663162303466613139636138316538643862383962393734323665 +6135633264336530650a653234353636643630643566323638386138633035396232666136333531 +66353062333661393462353535383964333262336235643237383632633135346165326635633730 +65356161363266393834353964626164356364353061646638366232643132373965646466373734 +34346238313666363466633934333737313761643965313130313465623038393638343564393064 +31373132643762373161396236646366326666306536643566383638623133666333663430356431 +65356166326339373666643365623837326461316437616361346531383533646435323331363131 +30373838306631393066323766316638303233303231616266323562653332306631393334353361 +30353130333164643333663262356437386564356432343533336163383735343830656132396332 +61313334396638636333 diff --git a/playbooks/monitoring.yml b/playbooks/monitoring.yml index 689b14c..3dc0fa6 100644 --- a/playbooks/monitoring.yml +++ b/playbooks/monitoring.yml @@ -2,5 +2,4 @@ become: yes roles: - - common - - monitoring + - monitoring \ No newline at end of file diff --git a/roles/common/handlers/main.yml b/roles/common/handlers/main.yml index d78bac3..bbcb91b 100644 --- a/roles/common/handlers/main.yml +++ b/roles/common/handlers/main.yml 
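Review bot: The plaintext value removed from `umurmur_admin_password` remains recoverable from git history, so pointing the key at `"{{ vault_umurmur_admin_password }}"` only protects future reads; the password itself should be rotated and the new value is what belongs in mumble/vault.yml. From what is visible this is the only credential that was previously committed in clear, since the secrets in the deleted monitoring.yml were already vault-encrypted. The `umurmur_*` mapping this line belongs to continues outside the hunk.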
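Review bot: Dropping `- common` from the monitoring play leaves nothing in this playbook that sets up ufw, nginx or node-exporter, while the new molecule scenario has to import exactly those (`tasks_from: ufw.yml`, `nginx.yml`, `node_exporter.yml` in prepare.yml and converge.yml) before the role converges. Unless another play applies `common` to this group first (not visible here), a fresh host may reach the `include_role: name: nginx` step in grafana.yml without nginx installed. Either keep `- common` here or state the ordering assumption in a comment at the top of the play. The file also lost its trailing newline (`\ No newline at end of file`).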
@@ -17,10 +17,6 @@ - name: update postfix secrets command: postmap {{ postfix_sasl_secrets_path }} -- name: reload nginx - include_tasks: ../handlers/nginx.yml - when: nginx_started is not changed - - name: reload autofs service: name: autofs diff --git a/roles/common/meta/main.yml b/roles/common/meta/main.yml new file mode 100644 index 0000000..e2608cc --- /dev/null +++ b/roles/common/meta/main.yml @@ -0,0 +1,2 @@ +dependencies: + - shared-handlers \ No newline at end of file diff --git a/roles/monitoring/defaults/main.yml b/roles/monitoring/defaults/main.yml index b40ef09..0ea9908 100644 --- a/roles/monitoring/defaults/main.yml +++ b/roles/monitoring/defaults/main.yml @@ -1,6 +1,7 @@ --- # defaults file for roles/prometheus grafana_admin_user: admin +grafana_admin_password: password grafana_domain: "{{ inventory_hostname }}" grafana_web_path: /grafana grafana_protocol: http @@ -9,9 +10,11 @@ grafana_port: 3000 prometheus_domain: "{{ inventory_hostname }}" prometheus_web_path: /prometheus prometheus_port: 9090 +prometheus_password: password nginx_default_path: "{{ grafana_web_path }}" alertmanager_domain: "{{ inventory_hostname }}" alertmanager_web_path: /alertmanager alertmanager_port: 9093 +alertmanager_password: password \ No newline at end of file diff --git a/roles/monitoring/meta/main.yml b/roles/monitoring/meta/main.yml new file mode 100644 index 0000000..e2608cc --- /dev/null +++ b/roles/monitoring/meta/main.yml @@ -0,0 +1,2 @@ +dependencies: + - shared-handlers \ No newline at end of file diff --git a/roles/monitoring/molecule/default/INSTALL.rst b/roles/monitoring/molecule/default/INSTALL.rst new file mode 100644 index 0000000..0c4bf5c --- /dev/null +++ b/roles/monitoring/molecule/default/INSTALL.rst 
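Review bot: The new defaults `grafana_admin_password: password`, `prometheus_password: password` and `alertmanager_password: password` mean a host whose group_vars omit the `vault_*` override comes up with a guessable credential on all three services without any error (the second hunk, `@@ -9,9 +10,11 @@`, holds two of them). Secrets are safer with no default at all, so an undefined variable fails the run, or with an `assert` task that rejects the placeholder before the templates are written; if molecule needs a value, keep it in the scenario's own vars rather than the role defaults. The file also ends without a trailing newline.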
@@ -0,0 +1,23 @@
+*********************************
+Vagrant driver installation guide
+*********************************
+
+Requirements
+============
+
+* Vagrant
+* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop
+
+Install
+=======
+
+Please refer to the `Virtual environment`_ documentation for installation best
+practices. If not using a virtual environment, please consider passing the
+widely recommended `'--user' flag`_ when invoking ``pip``.
+
+.. _Virtual environment: https://virtualenv.pypa.io/en/latest/
+.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site
+
+.. code-block:: bash
+
+ $ pip install 'molecule_vagrant'
diff --git a/roles/monitoring/molecule/default/converge.yml b/roles/monitoring/molecule/default/converge.yml
new file mode 100644
index 0000000..9d33245
--- /dev/null
+++ b/roles/monitoring/molecule/default/converge.yml
@@ -0,0 +1,13 @@
+---
+- name: Converge
+ hosts: all
+ become: yes
+
+ pre_tasks:
+ - name: Install and configure node-exporter
+ import_role:
+ name: common
+ tasks_from: node_exporter.yml
+
+ roles:
+ - monitoring
\ No newline at end of file
diff --git a/roles/monitoring/molecule/default/molecule.yml b/roles/monitoring/molecule/default/molecule.yml
new file mode 100644
index 0000000..1666ecc
--- /dev/null
+++ b/roles/monitoring/molecule/default/molecule.yml
@@ -0,0 +1,50 @@
+---
+.hardware: &hardware
+ memory: 1024
+ cpu: 2
+
+dependency:
+ name: galaxy
+driver:
+ name: vagrant
+ provider:
+ name: virtualbox
+platforms:
+ - name: debian-buster.mol
+ box: debian/buster64
+ <<: *hardware
+ interfaces:
+ - network_name: private_network
+ type: dhcp
+ auto_config: true
+ - network_name: forwarded_port
+ guest: 80
+ host: 18080
+ - network_name: forwarded_port
+ guest: 443
+ host: 18443
+ options:
+ append_platform_to_hostname: no
+ - name: ubuntu-focal.mol
+ box: ubuntu/focal64
+ <<: *hardware
+ interfaces:
+ - network_name: private_network
+ type: dhcp
+ auto_config: true
+ - network_name: forwarded_port
+ guest: 80
+ host: 28080
+ - network_name: forwarded_port
+ guest: 443
+ host: 28443
+ options:
+ append_platform_to_hostname: no
+provisioner:
+ name: ansible
+ config_options:
+ defaults:
+ interpreter_python: /usr/bin/python3
+ vault_password_file: "${MOLECULE_PROJECT_DIRECTORY}/../../.vault.secret"
+verifier:
+ name: ansible
\ No newline at end of file
diff --git a/roles/monitoring/molecule/default/prepare.yml b/roles/monitoring/molecule/default/prepare.yml
new file mode 100644
index 0000000..9834f8b
--- /dev/null
+++ b/roles/monitoring/molecule/default/prepare.yml
@@ -0,0 +1,19 @@
+- hosts: all
+ become: yes
+
+ pre_tasks:
+ - name: Update apt cache
+ apt:
+ update_cache: yes
+ cache_valid_time: 3600
+
+ tasks:
+ - name: Install and configure UFW
+ import_role:
+ name: common
+ tasks_from: ufw.yml
+
+ - name: Install and configure Nginx
+ import_role:
+ name: common
+ tasks_from: nginx.yml
\ No newline at end of file
diff --git a/roles/monitoring/tasks/grafana.yml b/roles/monitoring/tasks/grafana.yml
index 987d9fb..2628116
--- a/roles/monitoring/tasks/grafana.yml
+++ b/roles/monitoring/tasks/grafana.yml
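Review bot: `vault_password_file: "${MOLECULE_PROJECT_DIRECTORY}/../../.vault.secret"` points the scenario at a plaintext vault password two directories above the role, i.e. inside the repository tree; make sure `.vault.secret` is covered by `.gitignore` (not part of this diff) so it cannot be committed alongside the vault files this commit introduces. `append_platform_to_hostname: no` is a YAML 1.1 truthy; write `append_platform_to_hostname: false` so it matches `auto_config: true` in the same file. The file also ends without a trailing newline.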
@@ -1,36 +1,39 @@ -- name: add grafana GPG apt key +- name: Install GPG package + package: + name: gpg + state: present + +- name: Add Grafana GPG apt key apt_key: url: https://packages.grafana.com/gpg.key state: present -- block: - - name: add grafana repository - apt_repository: - repo: deb https://packages.grafana.com/oss/deb stable main - state: present - register: grafana_repo - notify: restart grafana +- name: Add Grafana repository + apt_repository: + repo: deb https://packages.grafana.com/oss/deb stable main + state: present + register: grafana_repo + notify: restart grafana - - name: update apt cache - apt: - update_cache: yes - cache_valid_time: 3600 - when: grafana_repo is changed +- name: Update apt cache + apt: + update_cache: yes + cache_valid_time: 3600 + when: grafana_repo is changed - - name: install grafana package - apt: - pkg: grafana - state: present - notify: restart grafana +- name: Install grafana package + package: + name: grafana + state: present + notify: restart grafana -- name: copy grafana config +- name: Copy Grafana config template: src: grafana.ini.j2 dest: /etc/grafana/grafana.ini - become: yes notify: restart grafana -- name: enable grafana service +- name: Start and enable Grafana service systemd: name: grafana-server state: started @@ -53,12 +56,13 @@ includes: - "{{ nginx_config_dir }}/{{ inventory_hostname }}.d/*.conf" -- name: ensure nginx config directory exists +- name: Ensure Nginx config directory exists file: path: "{{ nginx_config_dir }}/{{ inventory_hostname }}.d" state: directory -- include_role: +- name: Configure Nginx for Grafana + include_role: name: nginx tasks_from: configure vars: diff --git a/roles/monitoring/tasks/main.yml b/roles/monitoring/tasks/main.yml index dde42a5..a08dead 100644 --- a/roles/monitoring/tasks/main.yml +++ b/roles/monitoring/tasks/main.yml @@ -1,6 +1,5 @@ --- - import_tasks: grafana.yml - become: yes tags: grafana - import_tasks: alertmanager.yml tags: alertmanager 
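Review bot: The `Add Grafana GPG apt key` task still imports whatever `https://packages.grafana.com/gpg.key` returns, so the only thing standing between a substituted key and the host's apt trust store is that TLS connection; recording the expected key in the task (`id:` on `apt_key`, or a keyring file referenced via `signed-by` in the `apt_repository` line) makes the trusted key explicit and reviewable. Dropping the per-task `become: yes` on `Copy Grafana config` relies on the play-level `become: yes` that `playbooks/monitoring.yml` and `converge.yml` carry; worth a one-line comment at the top of this file, since the tasks file is also importable without it. The second hunk, `@@ -53,12 +56,13 @@`, only names the include and needs nothing.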
diff --git a/roles/monitoring/vars/main.yml b/roles/monitoring/vars/main.yml new file mode 100644 index 0000000..8f56f9b --- /dev/null +++ b/roles/monitoring/vars/main.yml @@ -0,0 +1,17 @@ + +alertmanager_receivers: + - name: default-receiver + email_configs: + - to: ahoy@example.com + +alertmanager_route: + receiver: 'default-receiver' + group_wait: 30s + group_interval: 5m + repeat_interval: 3h + +alertmanager_smtp: + from: ahoy@example.com + smarthost: mail.example.com:587 + auth_username: ahoy@example.com + auth_password: password \ No newline at end of file diff --git a/roles/nginx/defaults/main.yml b/roles/nginx/defaults/main.yml index f3d8c8b..60db8e2 100644 --- a/roles/nginx/defaults/main.yml +++ b/roles/nginx/defaults/main.yml @@ -1,5 +1,6 @@ --- # defaults file for roles/nginx -nginx_user: www-data -nginx_htpasswd_user: admin +nginx_owner: www-data +nginx_group: "{{ nginx_owner }}" nginx_template_file: nginx.conf.j2 +nginx_config_dir: /etc/nginx/conf.d \ No newline at end of file diff --git a/roles/nginx/tasks/configure.yml b/roles/nginx/tasks/configure.yml index 4f49985..9319936 100644 --- a/roles/nginx/tasks/configure.yml +++ b/roles/nginx/tasks/configure.yml @@ -5,15 +5,14 @@ password: "{{ location.basic_auth.password }}" state: present create: yes - owner: "{{ nginx_user }}" - group: "{{ nginx_user }}" + owner: "{{ nginx_owner }}" + group: "{{ nginx_group }}" mode: 0600 loop: "{{ nginx_server.locations }}" loop_control: loop_var: location label: "{{ location.path }}" when: "location.basic_auth is defined" - notify: - reload nginx @@ -21,8 +20,8 @@ template: src: "{{ nginx_template_file }}" dest: "{{ nginx_config_dir }}/{{ nginx_config_file }}" - owner: "{{ nginx_user }}" - group: "{{ nginx_user }}" + owner: "{{ nginx_owner }}" + group: "{{ nginx_group }}" mode: 0644 notify: - reload nginx diff --git a/roles/shared-handlers/handlers/main.yml b/roles/shared-handlers/handlers/main.yml new file mode 100644 index 0000000..3c88065 --- /dev/null 
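Review bot: Putting `alertmanager_receivers`, `alertmanager_route` and `alertmanager_smtp` in the role's `vars/main.yml` gives them role-vars precedence, which is higher than inventory group_vars, so the values this same commit adds in `inventories/group_vars/monitoring/main.yml` (the infomaniak smarthost, the pirateparty addresses, the vaulted SMTP password) will be overridden by `mail.example.com` and `auth_password: password` on every run. These belong in `defaults/main.yml` next to the other defaults, and the SMTP password should have no default for the same reason given on the `*_password` defaults. Minor: the file opens with an empty `+` line where `---` would be expected and has no trailing newline.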
+++ b/roles/shared-handlers/handlers/main.yml
@@ -0,0 +1,2 @@
+- name: reload nginx
+ include_tasks: ../handlers/nginx.yml
\ No newline at end of file
diff --git a/roles/common/handlers/nginx.yml b/roles/shared-handlers/handlers/nginx.yml
similarity index 100%
rename from roles/common/handlers/nginx.yml
rename to roles/shared-handlers/handlers/nginx.yml
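Review bot: The handler moved here lost the `when: nginx_started is not changed` guard that the copy removed from `roles/common/handlers/main.yml` carried, so `reload nginx` now fires unconditionally, including in a play that has only just started nginx. Whether that matters depends on what `../handlers/nginx.yml` does (renamed unchanged, contents not shown) and on whether `nginx_started` is still registered where this role's handlers run; if the guard was deliberate, re-add `when: nginx_started is not changed` under `include_tasks`, otherwise say in the commit message why it is no longer needed. The file also ends without a trailing newline.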