Skip to content

GitLab

Commit cd913940 authored by tec's avatar tec
Browse files

Add (commented) certbot role (+some config)

parent 8fe3f967
Hide whitespace changes
Inline Side-by-side
monitor_host.yml
View file @ cd913940
---
- hosts: monitorhosts
- hosts: localhost
become: true
become_user: root
remote_user: root
......@@ -9,131 +9,48 @@
- cloudalchemy.node-exporter
- cloudalchemy.blackbox-exporter
- cloudalchemy.grafana
# - geerlingguy.certbot
tasks:
- name: Allow grafana to bind to ports below 1024
shell: setcap 'cap_net_bind_service=+ep' /usr/sbin/grafana-server
- name: Restart grafana
shell: systemctl restart grafana-server.service
vars:
prometheus_targets:
node:
- targets:
- localhost:9100
- motsugo.ucc.asn.au:9100
- mussel.ucc.asn.au:9100
- mooneye.ucc.asn.au:9100
- molmol.ucc.asn.au:9100
- cerberus.ucc.asn.au:9100
- loveday.ucc.asn.au:9100
- magikarp.ucc.asn.au:9100
- maltair.ucc.asn.au:9100
- loveday.ucc.asn.au:9100
- medico.ucc.asn.au:9100
- magikarp.ucc.asn.au:9100
- mudkip.ucc.asn.au:9100
labels:
env: demo
job: node
env: ucc
job: cluster
- targets:
- localhost:9093
- uccmonitor.ucc.asn.au:9100
labels:
env: demo
job: alertmanager
env: ucc
job: VMs
- targets:
- localhost:3000
labels:
env: demo
job: grafana
prometheus_web_external_url: 'http://{{ ansible_host }}:9090'
prometheus_alertmanager_config:
- scheme: http
static_configs:
- targets: ['127.0.0.1:9093']
prometheus_scrape_jobs:
- job_name: 'blackbox'
metrics_path: /probe
params:
module: [http_2xx]
static_configs:
- targets:
- http://localhost:9100
- motsugo.ucc.asn.au:9100
- mussel.ucc.asn.au:9100
- mooneye.ucc.asn.au:9100
- molmol.ucc.asn.au:9100
- cerberus.ucc.asn.au:9100
- loveday.ucc.asn.au:9100
- magikarp.ucc.asn.au:9100
- maltair.ucc.asn.au:9100
- medico.ucc.asn.au:9100
- mudkip.ucc.asn.au:9100
relabel_configs:
- source_labels: [__address__]
target_label: __param_target
- source_labels: [__param_target]
target_label: instance
- target_label: __address__
replacement: 127.0.0.1:9115 # Blackbox exporter.
alertmanager_external_url: 'http://{{ ansible_host }}:9093'
alertmanager_receivers:
- name: 'email-wheel'
email_configs:
- to: '[email protected]'
from: '[email protected]'
smarthost: 'smtp.ucc.com:587'
auth_username: '[email protected]'
auth_identity: '[email protected]'
auth_password: SomePasswordHere
alertmanager_route:
group_by: ['alertname', 'cluster', 'service']
group_wait: 30s
group_interval: 5m
repeat_interval: 3h
receiver: 'email-wheel'
grafana_datasources:
- name: Prometheus
type: prometheus
access: proxy
url: 'http://localhost:9090'
isDefault: true
basicAuth: false
grafana_security:
admin_user: admin
admin_password: 'changeme'
# todo: make LDAP
grafana_auth:
anonymous:
org_name: 'UCC'---
- hosts: monitorhosts
become: true
become_user: root
remote_user: root
roles:
- cloudalchemy.prometheus
- cloudalchemy.alertmanager
- cloudalchemy.node-exporter
- cloudalchemy.blackbox-exporter
- cloudalchemy.grafana
vars:
prometheus_targets:
node:
- targets:
- localhost:9100
- motsugo.ucc.asn.au:9100
- titan.ucc.asn.au:9100
- mussel.ucc.asn.au:9100
- mooneye.ucc.asn.au:9100
- molmol.ucc.asn.au:9100
- cerberus.ucc.asn.au:9100
- loveday.ucc.asn.au:9100
- magikarp.ucc.asn.au:9100
- maltair.ucc.asn.au:9100
- medico.ucc.asn.au:9100
- mudkip.ucc.asn.au:9100
labels:
env: demo
job: node
env: ucc
job: other
- targets:
- localhost:9093
labels:
env: demo
env: ucc
job: alertmanager
- targets:
- localhost:3000
labels:
env: demo
env: ucc
job: grafana
prometheus_web_external_url: 'http://{{ ansible_host }}:9090'
prometheus_alertmanager_config:
......@@ -147,17 +64,18 @@
module: [http_2xx]
static_configs:
- targets:
- http://localhost:9100
- motsugo.ucc.asn.au:9100
- mussel.ucc.asn.au:9100
- mooneye.ucc.asn.au:9100
- molmol.ucc.asn.au:9100
- cerberus.ucc.asn.au:9100
- loveday.ucc.asn.au:9100
- magikarp.ucc.asn.au:9100
- maltair.ucc.asn.au:9100
- medico.ucc.asn.au:9100
- mudkip.ucc.asn.au:9100
- http://uccmonitor.ucc.asn.au:9100
- http://motsugo.ucc.asn.au:9100
- http://titan.ucc.asn.au:9100
- http://mussel.ucc.asn.au:9100
- http://mooneye.ucc.asn.au:9100
- http://molmol.ucc.asn.au:9100
- http://cerberus.ucc.asn.au:9100
- http://loveday.ucc.asn.au:9100
- http://magikarp.ucc.asn.au:9100
- http://maltair.ucc.asn.au:9100
- http://medico.ucc.asn.au:9100
- http://mudkip.ucc.asn.au:9100
relabel_configs:
- source_labels: [__address__]
target_label: __param_target
......@@ -181,6 +99,14 @@
group_interval: 5m
repeat_interval: 3h
receiver: 'email-wheel'
grafana_server:
# protocol: https
# http_port: 443
# domain: monitor.ucc.asn.au
# root_url: https://monitor.ucc.asn.au
# cert_file: /etc/letsencrypt/live/monitor.ucc.asn.au/fullchain.pem
# cert_key: /etc/letsencrypt/live/monitor.ucc.asn.au/privkey.pem
enable_gzip: true
grafana_datasources:
- name: Prometheus
type: prometheus
......@@ -195,16 +121,7 @@
grafana_auth:
anonymous:
org_name: 'UCC'
org_role: Admin
grafana_dashboards:
- dashboard_id: '1860' # Node Exporter Full
revision_id: '15'
datasource: 'Prometheus'
- dashboard_id: '3662' # Prometheus 2.0 Overview
revision_id: '2'
datasource: 'Prometheus'
org_role: Admin
org_role: Viewer
grafana_dashboards:
- dashboard_id: '1860' # Node Exporter Full
revision_id: '15'
......@@ -212,3 +129,9 @@
- dashboard_id: '3662' # Prometheus 2.0 Overview
revision_id: '2'
datasource: 'Prometheus'
certbot_certs:
- domains:
- monitor.ucc.asn.au
certbot_auto_renew: true
certbot_create_if_missing: true
certbot_admin_email: [email protected]
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment