PPBe
/
ansible-infra
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

create molecule scenario for monitoring role

master
HgO 2020-12-02 17:22:59 +01:00
parent 0f32a76e38
commit 2ace573ac9
21 changed files with 226 additions and 79 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
inventories/group_vars/monitoring.yml
View File

@ -1,41 +0,0 @@
alertmanager_smtp:
from: ahoy@pirateparty.be
smarthost: mail.infomaniak.ch:587
auth_username: ahoy@pirateparty.be
auth_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
61643536623562333434653364623535633331653539356132653863313965313030333163313637
6161333463653839383265323937376630336134633531650a313132326536346530353764656465
63323737643034353532333363303363616261363335333365663133626537653961323133626433
6566656236383864610a323262393562663836343162326131336630363939356333313934326436
6261
alertmanager_route:
receiver: 'default-receiver'
group_wait: 30s
group_interval: 5m
repeat_interval: 3h
alertmanager_receivers:
- name: default-receiver
email_configs:
- to: hadrien@pirateparty.be
alertmanager_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
63313035633034643636326230383162666666626539623934303631366236656432616238356362
6665626364643666343737623532616133303539356133300a396530643865323334313564363762
31646562306232356437636537383732626664663166656331303630303537383064663565323235
3962313936613039320a656337356131363636643366393233613462313361323639373363643134
32383436313035323032656266376664383166633631663438316165313930373937636436633962
6131336262343531643264346362343433373165386266323439
prometheus_password: "{{ alertmanager_password }}"
grafana_admin_user: ppbe
grafana_admin_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
39626461326636633230343536613564643537376464336537353661636638303238303966383030
3133663938623334396435333761306265373064353462610a356531326130396566386638653533
36323833663030663466356538353237376137313135656534383439613935623234373065376530
3864366438626135300a333664313339343964306538343366306639393631666366323537313734
36613731626439646537653565646436323839383930363131653431306431396638613665616464
3435313137313964636139366439336365663564326639303234

25
inventories/group_vars/monitoring/main.yml 100644
View File

@ -0,0 +1,25 @@
alertmanager_version: latest
alertmanager_smtp:
from: ahoy@pirateparty.be
smarthost: mail.infomaniak.ch:587
auth_username: ahoy@pirateparty.be
auth_password: "{{ alertmanager_smtp_password }}"
alertmanager_route:
receiver: 'default-receiver'
group_wait: 30s
group_interval: 5m
repeat_interval: 3h
alertmanager_receivers:
- name: default-receiver
email_configs:
- to: hadrien@pirateparty.be
alertmanager_password: "{{ vault_alertmanager_password }}"
prometheus_version: latest
prometheus_password: "{{ vault_prometheus_password }}"
grafana_admin_user: ppbe
grafana_admin_password: "{{ vault_grafana_admin_password }}"

18
inventories/group_vars/monitoring/vault.yml 100644
View File

@ -0,0 +1,18 @@
$ANSIBLE_VAULT;1.1;AES256
64386162616536616639393038343039393964633039346536373438366131633933303264323262
3137373938333666373862323336343730633834333039630a356633303566303537653265343938
63333630666164636636316265326137633262353136663037666237356264396362363739386362
6266373931663864640a633139613865613231333736636332313835623961316464366136303462
32623836623638376537373564306236613962383135633232653731663832343136306236386237
64653134356430623437643161336632653639323561303566363565656566323038363230333566
63643631323935323433346435363866373032613562303135656361653532303266663133336139
61323966323337333235366637386232653662313331653735623932343265643937343034313932
35656537373030313461646136346665323433626237323565393965613063356436356430643532
32353761343864643865323366623064353332353666663162646437363331366331336461633735
31363630383234623662616531386438343230613962666237613337666232333966613163666639
63336434613861623839666430333635646535623338653366363735623765626132336333653363
35636539303738353635383063663133666539376365393338316362393664663433616461336263
64396562623763633537346166343933333964376532643338333135363765336464366365356262
31396530663135343339383936373465323763633162626431353364633833343835333931376131
34626536633566346639383166376633346532663839646135623438316632646437646536613933
3033

5
inventories/group_vars/mumble.yml → inventories/group_vars/mumble/main.yml
View File

@ -1,3 +1,6 @@
murmur_port: 64730
murmur_superuser_password: "{{ vault_murmur_superuser_password }}"
umurmur_version: 0.2.17 umurmur_version: 0.2.17
umurmur_domain: mumble.parley.be umurmur_domain: mumble.parley.be
@ -5,7 +8,7 @@ umurmur_welcome_text:
- Welcome to Parley Talk! - Welcome to Parley Talk!
- You can talk to the people in the room you joined. - You can talk to the people in the room you joined.
- You start in the Welcome room, to join another channel double click on the room name. - You start in the Welcome room, to join another channel double click on the room name.
umurmur_admin_password: wC7yZ4vV2ocb7AkBfQ2RwuhRqYVyiwY42Rjpw3pfJ umurmur_admin_password: "{{ vault_umurmur_admin_password }}"
umurmur_max_users: 100 umurmur_max_users: 100
umurmur_channels: umurmur_channels:

13
inventories/group_vars/mumble/vault.yml 100644
View File

@ -0,0 +1,13 @@
$ANSIBLE_VAULT;1.1;AES256
39653565313333643836363062656363333232313166303331656135633830323633366236313438
6663616535626237326566636331356564373936356465310a323638646333623731366530316630
30653662666239336465366466663162303466613139636138316538643862383962393734323665
6135633264336530650a653234353636643630643566323638386138633035396232666136333531
66353062333661393462353535383964333262336235643237383632633135346165326635633730
65356161363266393834353964626164356364353061646638366232643132373965646466373734
34346238313666363466633934333737313761643965313130313465623038393638343564393064
31373132643762373161396236646366326666306536643566383638623133666333663430356431
65356166326339373666643365623837326461316437616361346531383533646435323331363131
30373838306631393066323766316638303233303231616266323562653332306631393334353361
30353130333164643333663262356437386564356432343533336163383735343830656132396332
61313334396638636333

1
playbooks/monitoring.yml
View File

@ -2,5 +2,4 @@
become: yes become: yes
roles: roles:
- common
- monitoring - monitoring

4
roles/common/handlers/main.yml
View File

@ -17,10 +17,6 @@
- name: update postfix secrets - name: update postfix secrets
command: postmap {{ postfix_sasl_secrets_path }} command: postmap {{ postfix_sasl_secrets_path }}
- name: reload nginx
include_tasks: ../handlers/nginx.yml
when: nginx_started is not changed
- name: reload autofs - name: reload autofs
service: service:
name: autofs name: autofs

2
roles/common/meta/main.yml 100644
View File

@ -0,0 +1,2 @@
dependencies:
- shared-handlers

3
roles/monitoring/defaults/main.yml
View File

@ -1,6 +1,7 @@
--- ---
# defaults file for roles/prometheus # defaults file for roles/prometheus
grafana_admin_user: admin grafana_admin_user: admin
grafana_admin_password: password
grafana_domain: "{{ inventory_hostname }}" grafana_domain: "{{ inventory_hostname }}"
grafana_web_path: /grafana grafana_web_path: /grafana
grafana_protocol: http grafana_protocol: http
@ -9,9 +10,11 @@ grafana_port: 3000
prometheus_domain: "{{ inventory_hostname }}" prometheus_domain: "{{ inventory_hostname }}"
prometheus_web_path: /prometheus prometheus_web_path: /prometheus
prometheus_port: 9090 prometheus_port: 9090
prometheus_password: password
nginx_default_path: "{{ grafana_web_path }}" nginx_default_path: "{{ grafana_web_path }}"
alertmanager_domain: "{{ inventory_hostname }}" alertmanager_domain: "{{ inventory_hostname }}"
alertmanager_web_path: /alertmanager alertmanager_web_path: /alertmanager
alertmanager_port: 9093 alertmanager_port: 9093
alertmanager_password: password

2
roles/monitoring/meta/main.yml 100644
View File

@ -0,0 +1,2 @@
dependencies:
- shared-handlers

23
roles/monitoring/molecule/default/INSTALL.rst 100644
View File

@ -0,0 +1,23 @@
*********************************
Vagrant driver installation guide
*********************************
Requirements
============
* Vagrant
* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop
Install
=======
Please refer to the `Virtual environment`_ documentation for installation best
practices. If not using a virtual environment, please consider passing the
widely recommended `'--user' flag`_ when invoking ``pip``.
.. _Virtual environment: https://virtualenv.pypa.io/en/latest/
.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site
.. code-block:: bash
$ pip install 'molecule_vagrant'

13
roles/monitoring/molecule/default/converge.yml 100644
View File

@ -0,0 +1,13 @@
---
- name: Converge
hosts: all
become: yes
pre_tasks:
- name: Install and configure node-exporter
import_role:
name: common
tasks_from: node_exporter.yml
roles:
- monitoring

50
roles/monitoring/molecule/default/molecule.yml 100644
View File

@ -0,0 +1,50 @@
---
.hardware: &hardware
memory: 1024
cpu: 2
dependency:
name: galaxy
driver:
name: vagrant
provider:
name: virtualbox
platforms:
- name: debian-buster.mol
box: debian/buster64
<<: *hardware
interfaces:
- network_name: private_network
type: dhcp
auto_config: true
- network_name: forwarded_port
guest: 80
host: 18080
- network_name: forwarded_port
guest: 443
host: 18443
options:
append_platform_to_hostname: no
- name: ubuntu-focal.mol
box: ubuntu/focal64
<<: *hardware
interfaces:
- network_name: private_network
type: dhcp
auto_config: true
- network_name: forwarded_port
guest: 80
host: 28080
- network_name: forwarded_port
guest: 443
host: 28443
options:
append_platform_to_hostname: no
provisioner:
name: ansible
config_options:
defaults:
interpreter_python: /usr/bin/python3
vault_password_file: "${MOLECULE_PROJECT_DIRECTORY}/../../.vault.secret"
verifier:
name: ansible

19
roles/monitoring/molecule/default/prepare.yml 100644
View File

@ -0,0 +1,19 @@
- hosts: all
become: yes
pre_tasks:
- name: Update apt cache
apt:
update_cache: yes
cache_valid_time: 3600
tasks:
- name: Install and configure UFW
import_role:
name: common
tasks_from: ufw.yml
- name: Install and configure Nginx
import_role:
name: common
tasks_from: nginx.yml

28
roles/monitoring/tasks/grafana.yml
View File

@ -1,36 +1,39 @@
- name: add grafana GPG apt key - name: Install GPG package
package:
name: gpg
state: present
- name: Add Grafana GPG apt key
apt_key: apt_key:
url: https://packages.grafana.com/gpg.key url: https://packages.grafana.com/gpg.key
state: present state: present
- block: - name: Add Grafana repository
- name: add grafana repository
apt_repository: apt_repository:
repo: deb https://packages.grafana.com/oss/deb stable main repo: deb https://packages.grafana.com/oss/deb stable main
state: present state: present
register: grafana_repo register: grafana_repo
notify: restart grafana notify: restart grafana
- name: update apt cache - name: Update apt cache
apt: apt:
update_cache: yes update_cache: yes
cache_valid_time: 3600 cache_valid_time: 3600
when: grafana_repo is changed when: grafana_repo is changed
- name: install grafana package - name: Install grafana package
apt: package:
pkg: grafana name: grafana
state: present state: present
notify: restart grafana notify: restart grafana
- name: copy grafana config - name: Copy Grafana config
template: template:
src: grafana.ini.j2 src: grafana.ini.j2
dest: /etc/grafana/grafana.ini dest: /etc/grafana/grafana.ini
become: yes
notify: restart grafana notify: restart grafana
- name: enable grafana service - name: Start and enable Grafana service
systemd: systemd:
name: grafana-server name: grafana-server
state: started state: started
@ -53,12 +56,13 @@
includes: includes:
- "{{ nginx_config_dir }}/{{ inventory_hostname }}.d/*.conf" - "{{ nginx_config_dir }}/{{ inventory_hostname }}.d/*.conf"
- name: ensure nginx config directory exists - name: Ensure Nginx config directory exists
file: file:
path: "{{ nginx_config_dir }}/{{ inventory_hostname }}.d" path: "{{ nginx_config_dir }}/{{ inventory_hostname }}.d"
state: directory state: directory
- include_role: - name: Configure Nginx for Grafana
include_role:
name: nginx name: nginx
tasks_from: configure tasks_from: configure
vars: vars:

1
roles/monitoring/tasks/main.yml
View File

@ -1,6 +1,5 @@
--- ---
- import_tasks: grafana.yml - import_tasks: grafana.yml
become: yes
tags: grafana tags: grafana
- import_tasks: alertmanager.yml - import_tasks: alertmanager.yml
tags: alertmanager tags: alertmanager

17
roles/monitoring/vars/main.yml 100644
View File

@ -0,0 +1,17 @@
alertmanager_receivers:
- name: default-receiver
email_configs:
- to: ahoy@example.com
alertmanager_route:
receiver: 'default-receiver'
group_wait: 30s
group_interval: 5m
repeat_interval: 3h
alertmanager_smtp:
from: ahoy@example.com
smarthost: mail.example.com:587
auth_username: ahoy@example.com
auth_password: password

5
roles/nginx/defaults/main.yml
View File

@ -1,5 +1,6 @@
--- ---
# defaults file for roles/nginx # defaults file for roles/nginx
nginx_user: www-data nginx_owner: www-data
nginx_htpasswd_user: admin nginx_group: "{{ nginx_owner }}"
nginx_template_file: nginx.conf.j2 nginx_template_file: nginx.conf.j2
nginx_config_dir: /etc/nginx/conf.d

9
roles/nginx/tasks/configure.yml
View File

@ -5,15 +5,14 @@
password: "{{ location.basic_auth.password }}" password: "{{ location.basic_auth.password }}"
state: present state: present
create: yes create: yes
owner: "{{ nginx_user }}" owner: "{{ nginx_owner }}"
group: "{{ nginx_user }}" group: "{{ nginx_group }}"
mode: 0600 mode: 0600
loop: "{{ nginx_server.locations }}" loop: "{{ nginx_server.locations }}"
loop_control: loop_control:
loop_var: location loop_var: location
label: "{{ location.path }}" label: "{{ location.path }}"
when: "location.basic_auth is defined" when: "location.basic_auth is defined"
notify: notify:
- reload nginx - reload nginx
@ -21,8 +20,8 @@
template: template:
src: "{{ nginx_template_file }}" src: "{{ nginx_template_file }}"
dest: "{{ nginx_config_dir }}/{{ nginx_config_file }}" dest: "{{ nginx_config_dir }}/{{ nginx_config_file }}"
owner: "{{ nginx_user }}" owner: "{{ nginx_owner }}"
group: "{{ nginx_user }}" group: "{{ nginx_group }}"
mode: 0644 mode: 0644
notify: notify:
- reload nginx - reload nginx

2
roles/shared-handlers/handlers/main.yml 100644
View File

@ -0,0 +1,2 @@
- name: reload nginx
include_tasks: ../handlers/nginx.yml

0
roles/common/handlers/nginx.yml → roles/shared-handlers/handlers/nginx.yml
View File