diff --git a/common/prometheus-node/tasks/main.yml b/common/prometheus-node/tasks/main.yml index 8165ba04f485a2210b27d9c0707579380915ca6a..e0c1a9bf9c9f236e7a02c2ce32750a50d00eac35 100644 --- a/common/prometheus-node/tasks/main.yml +++ b/common/prometheus-node/tasks/main.yml @@ -1,18 +1,15 @@ --- -# Pakete installieren -- name: pakete installieren + + +- name: stop prometheus-node-exporter + service: name=prometheus-node-exporter state=stopped + +# Pakete deinstallieren +- name: pakete deinstallieren apt: pkg: "{{ item }}" - update_cache: yes - state: installed + update_cache: no + state: absent with_items: - prometheus-node-exporter -- name: reload systemd and enable service - systemd: - name: prometheus-node-exporter - enabled: yes - daemon_reload: yes - -- name: restart prometheus-node-exporter - service: name=prometheus-node-exporter state=restarted diff --git a/common/telegraf/handlers/main.yml b/common/telegraf/handlers/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..de46abe05cfa47354938900ed619af78ef43b159 --- /dev/null +++ b/common/telegraf/handlers/main.yml @@ -0,0 +1,3 @@ + +- name: restart telegraf + service: name=telegraf state=restarted diff --git a/common/telegraf/tasks/main.yml b/common/telegraf/tasks/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..6f8c0fc217022136ab6efaf30b2822a31bd5c590 --- /dev/null +++ b/common/telegraf/tasks/main.yml 
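Review bot: The new `stop prometheus-node-exporter` task at the top of the hunk has no guard, so on a host where the exporter package was never installed the `service` module will most likely fail on the missing unit and abort the play before the removal task below ever runs. Add `failed_when: false` to that task, or register the result of the `apt` removal and stop the unit only when the package was actually present. The `service: name=prometheus-node-exporter state=stopped` and `update_cache: no` lines use key=value and `yes/no` forms while the `apt:` task right below is in block style; `update_cache: false` and block-style module args would keep the file uniform. Two bare blank lines are left where the removed header comment was.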
@@ -0,0 +1,38 @@ +--- +# Pakete installieren +- name: pakete installieren + apt: + pkg: "{{ item }}" + update_cache: yes + state: installed + with_items: + - telegraf + +- name: pakete installieren (host_type = physical) + apt: + pkg: "{{ item }}" + update_cache: yes + state: installed + with_items: + - hddtemp + - lm-sensors + - smartmontools + when: host_type == 'physical' + + +- name: create main config + template: src={{ item }} dest=/etc/telegraf/{{ item }} + with_items: + - telegraf.conf + notify: restart telegraf + + +- name: reload systemd and enable service + command: systemctl enable telegraf + notify: restart telegraf + + +- name: delete config file 1 + file: + path: "/etc/telegraf/telegraf.d/outputs-influxdb.conf" + state: absent diff --git a/common/telegraf/templates/telegraf.conf b/common/telegraf/templates/telegraf.conf new file mode 100644 index 0000000000000000000000000000000000000000..7bb562b51d24493b5c5db0172eaf4416cf0ab61e --- /dev/null +++ b/common/telegraf/templates/telegraf.conf 
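Review bot: The `create main config` task writes `telegraf.conf` — which, per the template added in this commit, carries the InfluxDB username and password — without `owner`, `group` or `mode`, so the file is created with the default umask and the credentials are likely readable by every local account. Set `owner: root`, `group: telegraf` (the account the packaged service runs as — confirm on the target) and `mode: "0640"` on that task. Separately, `command: systemctl enable telegraf` is not idempotent: it reports changed on every run and therefore fires `restart telegraf` on every play; `systemd:` / `name: telegraf` / `enabled: true` (with `daemon_reload: true`) gives the same effect and only reports a change when state changes. `state: installed` is a deprecated alias for `present`.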
@@ -0,0 +1,317 @@ + +# Global tags can be specified here in key="value" format. +[global_tags] + # dc = "us-east-1" # will tag all metrics with dc=us-east-1 + # rack = "1a" + ## Environment variables can be used as tags, and throughout the config file + # user = "$USER" + server = "true" + host_type = "{{host_type}}" + + +# Configuration for telegraf agent +[agent] + + ## Default data collection interval for all inputs + interval = "5s" + + ## Rounds collection interval to 'interval' + ## ie, if interval="10s" then always collect on :00, :10, :20, etc. + round_interval = true + + ## Telegraf will send metrics to outputs in batches of at most + ## metric_batch_size metrics. + ## This controls the size of writes that Telegraf sends to output plugins. + metric_batch_size = 1000 + + ## For failed writes, telegraf will cache metric_buffer_limit metrics for each + ## output, and will flush this buffer on a successful write. Oldest metrics + ## are dropped first when this buffer fills. + ## This buffer only fills when writes fail to output plugin(s). + metric_buffer_limit = 10000 + + ## Collection jitter is used to jitter the collection by a random amount. + ## Each plugin will sleep for a random time within jitter before collecting. + ## This can be used to avoid many plugins querying things like sysfs at the + ## same time, which can have a measurable effect on the system. + collection_jitter = "0s" + + ## Default flushing interval for all outputs. You shouldn't set this below + ## interval. Maximum flush_interval will be flush_interval + flush_jitter + flush_interval = "10s" + + ## Jitter the flush interval by a random amount. This is primarily to avoid + ## large write spikes for users running a large number of telegraf instances. 
+ ## ie, a jitter of 5s and interval 10s means flushes will happen every 10-15s + flush_jitter = "0s" + + ## By default or when set to "0s", precision will be set to the same + ## timestamp order as the collection interval, with the maximum being 1s. + ## ie, when interval = "10s", precision will be "1s" + ## when interval = "250ms", precision will be "1ms" + ## Precision will NOT be used for service inputs. It is up to each individual + ## service input to set the timestamp at the appropriate precision. + ## Valid time units are "ns", "us" (or "µs"), "ms", "s". + precision = "" + + ## Logging configuration: + ## Run telegraf with debug log messages. + debug = false + + ## Run telegraf in quiet mode (error log messages only). + quiet = false + + ## Specify the log file name. The empty string means to log to stderr. + logfile = "" + + ## Override default hostname, if empty use os.Hostname() + hostname = "{{ inventory_hostname }}" + + ## If set to true, do no set the "host" tag in the telegraf agent. + omit_hostname = false + + +############################################################################### +# OUTPUT PLUGINS # +############################################################################### + + +# Configuration for sending metrics to InfluxDB +[[outputs.influxdb]] + ## The full HTTP or UDP URL for your InfluxDB instance. + ## + urls = ["{{influxdb_sysmon.url}}"] + + ## The target database for metrics; will be created as needed. + database = "{{influxdb_sysmon.db}}" + + ## If true, no CREATE DATABASE queries will be sent. Set to true when using + ## Telegraf with a user without permissions to create databases or when the + ## database already exists. + skip_database_creation = true + + ## Name of existing retention policy to write to. Empty string writes to + ## the default retention policy. 
+ # retention_policy = "" + + ## Write consistency (clusters only), can be: "any", "one", "quorum", "all" + # write_consistency = "any" + + ## Timeout for HTTP messages. + # timeout = "5s" + + ## HTTP Basic Auth + username = "{{influxdb_sysmon.user}}" + password = "{{influxdb_sysmon.password}}" + + ## HTTP User-Agent + # user_agent = "telegraf" + + ## UDP payload size is the maximum packet size to send. + # udp_payload = 512 + + ## Optional SSL Config + # ssl_ca = "/etc/telegraf/ca.pem" + # ssl_cert = "/etc/telegraf/cert.pem" + # ssl_key = "/etc/telegraf/key.pem" + ## Use SSL but skip chain & host verification + # insecure_skip_verify = false + + ## HTTP Proxy override, if unset values the standard proxy environment + ## variables are consulted to determine which proxy, if any, should be used. + # http_proxy = "http://corporate.proxy:3128" + + ## Additional HTTP headers + # http_headers = {"X-Special-Header" = "Special-Value"} + + ## HTTP Content-Encoding for write request body, can be set to "gzip" to + ## compress body or "identity" to apply no encoding. + # content_encoding = "identity" + + ## When true, Telegraf will output unsigned integers as unsigned values, + ## i.e.: "42u". You will need a version of InfluxDB supporting unsigned + ## integer values. Enabling this option will result in field type errors if + ## existing data has been written. 
+ # influx_uint_support = false + + + +############################################################################### +# INPUT PLUGINS # +############################################################################### + + +# Read metrics about system load & uptime +[[inputs.system]] + # no configuration + + +[[inputs.interrupts]] + # no configuration + + +[[inputs.linux_sysctl_fs]] + # no configuration + + +# Get kernel statistics from /proc/stat +[[inputs.kernel]] + # no configuration + + +# Read metrics about memory usage +[[inputs.mem]] + # no configuration + + +# Read metrics about swap memory usage +[[inputs.swap]] + # no configuration + + +# Get the number of processes and group them by status +[[inputs.processes]] + # no configuration + + +# Read metrics about cpu usage +[[inputs.cpu]] + ## Whether to report per-cpu stats or not + percpu = true + ## Whether to report total system cpu stats or not + totalcpu = true + ## If true, collect raw CPU time metrics. + collect_cpu_time = false + ## If true, compute and report the sum of all non-idle CPU states. + report_active = false + + +# Read metrics about disk usage by mount point +[[inputs.disk]] + ## By default stats will be gathered for all mount points. + ## Set mount_points will restrict the stats to only the specified mount points. + mount_points = ["/", "/srv"] + + ## Ignore mount points by filesystem type. + ignore_fs = ["tmpfs", "devtmpfs", "devfs", "sysfs", "overlay" ] + + +# Read metrics about disk IO by device +[[inputs.diskio]] + ## By default, telegraf will gather stats for all devices including + ## disk partitions. + ## Setting devices will restrict the stats to the specified devices. + # devices = ["sda", "sdb"] + ## Uncomment the following line if you need disk serial numbers. + # skip_serial_number = false + # + ## On systems which support it, device metadata can be added in the form of + ## tags. + ## Currently only Linux is supported via udev properties. 
You can view + ## available properties for a device by running: + ## 'udevadm info -q property -n /dev/sda' + # device_tags = ["ID_FS_TYPE", "ID_FS_USAGE"] + # + ## Using the same metadata source as device_tags, you can also customize the + ## name of the device via templates. + ## The 'name_templates' parameter is a list of templates to try and apply to + ## the device. The template may contain variables in the form of '$PROPERTY' or + ## '${PROPERTY}'. The first template which does not contain any variables not + ## present for the device is used as the device name tag. + ## The typical use case is for LVM volumes, to get the VG/LV name instead of + ## the near-meaningless DM-0 name. + # name_templates = ["$ID_FS_LABEL","$DM_VG_NAME/$DM_LV_NAME"] + + +# Read metrics about network interface usage +[[inputs.net]] + ## By default, telegraf gathers stats from any up interface (excluding loopback) + ## Setting interfaces will tell it to gather these explicit interfaces, + ## regardless of status. + ## + interfaces = ["eth*", "en*"] + ## + ## On linux systems telegraf also collects protocol stats. + ## Setting ignore_protocol_stats to true will skip reporting of protocol metrics. + ## + # ignore_protocol_stats = false + ## + +# Read metrics about network usage +[[inputs.netstat]] + # no configuration + + # Collects conntrack stats from the configured directories and files. + [[inputs.conntrack]] + ## The following defaults would work with multiple versions of conntrack. + ## Note the nf_ and ip_ filename prefixes are mutually exclusive across + ## kernel versions, as are the directory locations. + + ## Superset of filenames to look for within the conntrack dirs. + ## Missing files will be ignored. + files = ["ip_conntrack_count","ip_conntrack_max", + "nf_conntrack_count","nf_conntrack_max"] + + ## Directories to search within for the conntrack files above. + ## Missing directrories will be ignored. 
+ dirs = ["/proc/sys/net/ipv4/netfilter","/proc/sys/net/netfilter"] + + +{% if host_type == 'physical' %} + +# Monitor disks' temperatures using hddtemp +[[inputs.hddtemp]] + ## By default, telegraf gathers temps data from all disks detected by the + ## hddtemp. + ## + ## Only collect temps from the selected disks. + ## + ## A * as the device name will return the temperature values of all disks. + ## + # address = "127.0.0.1:7634" + # devices = ["sda", "*"] + + +# Monitor sensors, requires lm-sensors package +[[inputs.sensors]] + ## Remove numbers from field names. + ## If true, a field name like 'temp1_input' will be changed to 'temp_input'. + # remove_numbers = true + + +# Read metrics from storage devices supporting S.M.A.R.T. +[[inputs.smart]] + ## Optionally specify the path to the smartctl executable + # path = "/usr/bin/smartctl" + # + ## On most platforms smartctl requires root access. + ## Setting 'use_sudo' to true will make use of sudo to run smartctl. + ## Sudo must be configured to to allow the telegraf user to run smartctl + ## with out password. + # use_sudo = false + # + ## Skip checking disks in this power mode. Defaults to + ## "standby" to not wake up disks that have stoped rotating. + ## See --nocheck in the man pages for smartctl. + ## smartctl version 5.41 and 5.42 have faulty detection of + ## power mode and might require changing this value to + ## "never" depending on your disks. + # nocheck = "standby" + # + ## Gather detailed metrics for each SMART Attribute. + ## Defaults to "false" + ## + # attributes = false + # + ## Optionally specify devices to exclude from reporting. + # excludes = [ "/dev/pass6" ] + # + ## Optionally specify devices and device type, if unset + ## a scan (smartctl --scan) for S.M.A.R.T. devices will + ## done and all found will be included except for the + ## excluded in excludes. + # devices = [ "/dev/ada0 -d atacam" ] + + +{% else %} +{% endif %} \ No newline at end of file 
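Review bot: The `[[inputs.smart]]` section enabled for physical hosts leaves `use_sudo` at its commented default of `false`, and the comment directly above it states that smartctl needs root on most platforms, so as written the S.M.A.R.T. input will probably log permission errors rather than produce data; either set `use_sudo = true` together with a narrowly scoped sudoers entry for the telegraf account, or leave the section out until that is in place. The `{% else %}` branch at the end of the template is empty and can be dropped, leaving only `{% endif %}`. The template also ends without a trailing newline, which `diff` will flag on every later change to the file.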
diff --git a/group_vars/all b/group_vars/all index 6321239bcc5c5bc6d9b9aa9cc192744a848fd2a3..4e260e204764c8bc3f3afa6e4100551e7d26424d 100644 --- a/group_vars/all +++ b/group_vars/all @@ -6,5 +6,13 @@ ldap_ip_ext: 10.0.20.2 # int ist noch ungenutzt / später replikation in der Zone ldap_ip_int: 10.0.20.2 -ldap_base_dn: DC=warpzone,DC=ms -ldap_readonly_bind_dn: CN=readonly,DC=warpzone,DC=ms \ No newline at end of file +ldap_base_dn: dc=warpzone,dc=ms +ldap_readonly_bind_dn: cn=readonly,dc=warpzone,dc=ms + +# Zentrale InfluxDb für Systemmonitoring +influxdb_sysmon: + url: "http://192.168.0.201:18086" + db: "influx" + user: "influx" + password: "influx" + diff --git a/host_vars/vorstandspi b/host_vars/vorstandspi index ccc3116fa232344ff2b850650bdb0f8e8619b034..e998a6d9d1a362e0d5f4f795876787c7928ed170 100644 --- a/host_vars/vorstandspi +++ b/host_vars/vorstandspi @@ -10,6 +10,10 @@ debian_sources: debian_keys: +# Art des Hosts: physical, vm, docker +host_type: "physical" + + administratorenteam: - "ole" - "larsm" diff --git a/host_vars/warphab b/host_vars/warphab index b14fd6421548aaa992f6bbf4bc43d4396fc157b9..4368b1f6f6217c9b18014cd678a45d72c00fea34 100644 --- a/host_vars/warphab +++ b/host_vars/warphab @@ -14,6 +14,9 @@ debian_keys: - "https://homegear.eu/packages/Release.key" - "https://bintray.com/user/downloadSubjectPublicKey?username=openhab" +# Art des Hosts: physical, vm, docker +host_type: "physical" + administratorenteam: - "user51" - "void" diff --git a/host_vars/warpsrvext b/host_vars/warpsrvext index 3691f9540aa5cc88542dbc437e5c6c15332acdde..8cad5795da49183a3abbada8f2d60472c1cfef51 100644 --- a/host_vars/warpsrvext +++ b/host_vars/warpsrvext @@ -12,6 +12,9 @@ debian_sources: debian_keys: +# Art des Hosts: physical, vm, docker +host_type: "physical" + administratorenteam: - "void" - "sandhome" diff --git a/host_vars/warpsrvint b/host_vars/warpsrvint index 741dfea354ad4da9daf38e2670413c31a61170ac..2e8146eba7eb50522de961e540f36fd053d2cef8 100644 
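Review bot: The new `influxdb_sysmon` mapping stores a live database credential (`user: "influx"`, `password: "influx"`) in plaintext in version control, and because `url` is plain `http://`, every Telegraf and Kapacitor instance that reads these vars also sends that credential unencrypted on the wire. Move `password` into an `ansible-vault`-encrypted variable (the `get_secret.yml` include used by the new roles suggests a per-host secret pattern already exists) and replace the default-looking value before this is deployed. Consider terminating TLS in front of port 18086 or restricting the listener to the monitoring network; the compose file in this commit currently publishes it on `0.0.0.0`.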
--- a/host_vars/warpsrvint +++ b/host_vars/warpsrvint @@ -11,10 +11,17 @@ debian_sources: - "deb http://debian.uni-duisburg-essen.de/debian/ jessie-updates main contrib non-free" - "deb http://ftp.debian.org/debian jessie-backports main" - "deb https://apt.dockerproject.org/repo debian-jessie main" - - "deb [arch=amd64] https://download.docker.com/linux/debian jessie stable" + - "deb https://download.docker.com/linux/debian jessie stable" + - "deb https://repos.influxdata.com/debian stretch stable" debian_keys: - "https://download.docker.com/linux/debian/gpg" + - "https://repos.influxdata.com/influxdb.key" + + +# Art des Hosts: physical, vm, docker +host_type: "physical" + webserver_domains: - "infra" diff --git a/host_vars/webserver b/host_vars/webserver index 706af93e1418634333552f30ef614d820775a250..8259eadb9332f26d8e28c9ddda8c1aad1f2c9196 100644 --- a/host_vars/webserver +++ b/host_vars/webserver @@ -10,10 +10,16 @@ debian_sources: - "deb http://security.debian.org/ stretch/updates main contrib non-free" - "deb http://ftp.de.debian.org/debian/ stretch-updates main" - "deb http://ftp.halifax.rwth-aachen.de/debian/ stretch-updates main contrib non-free" - - "deb [arch=amd64] https://download.docker.com/linux/debian stretch stable" + - "deb https://download.docker.com/linux/debian stretch stable" + - "deb https://repos.influxdata.com/debian stretch stable" debian_keys: - "https://download.docker.com/linux/debian/gpg" + - "https://repos.influxdata.com/influxdb.key" + + +# Art des Hosts: physical, vm, docker +host_type: "vm" letsencrypt_tos_sha256: 6373439b9f29d67a5cd4d18cbc7f264809342dbf21cb2ba2fc7588df987a6221 @@ -21,6 +27,8 @@ letsencrypt_tos_sha256: 6373439b9f29d67a5cd4d18cbc7f264809342dbf21cb2ba2fc7588df letsencrypt_mail: verwaltung@warpzone.ms webserver_domains: + - "auth" + - "alerta" - "gitlab" - "infra" - "infra-test" @@ -32,6 +40,7 @@ webserver_domains: - "proxy.jabber-test" - "ldap" - "mattermost" + - "md" - "pad" - "wiki" - "www" 
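Review bot: The new `https://repos.influxdata.com/influxdb.key` entry in `debian_keys` (here and in the matching `host_vars/webserver` hunk) trusts whatever key the URL serves at run time, with no fingerprint or key-ID check, so the repository's trust root rests entirely on TLS to that host; record the expected key fingerprint next to the URL and have the task that consumes `debian_keys` (outside this diff) verify it, or vendor the key file into the repo. The added source `deb https://repos.influxdata.com/debian stretch stable` sits among `jessie` sources on this host; InfluxData's packages are largely distribution-independent so it probably installs, but that is worth confirming rather than assuming. Dropping `[arch=amd64]` from the Docker source is harmless on a single-architecture host, but if a foreign architecture is enabled apt will start reporting the missing per-arch index for that repository.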
diff --git a/warpsrvint/docker_influx/tasks/main.yml b/warpsrvint/docker_influx/tasks/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..204f09e9082e115df82d6a4037a9352642d77e07 --- /dev/null +++ b/warpsrvint/docker_influx/tasks/main.yml @@ -0,0 +1,37 @@ +--- + +- include: ../functions/get_secret.yml + with_items: + - { path: /srv/influx/influx_admin_pw, length: 24 } + + +- name: create folder struct for influx + file: + path: "{{ item }}" + state: "directory" + with_items: + - /srv/influx/ + - /srv/influx/sysmon/ + + +- name: Konfig-Dateien erstellen + template: + src: "{{ item }}" + dest: "/srv/influx/{{ item }}" + with_items: + - docker-compose.yml + + +- name: Script-Dateien erstellen + template: + src: "{{ item }}" + dest: "/srv/influx/{{ item }}" + mode: "o+rwx" + with_items: + - influx_sysmon.sh + + +- name: start influx docker + docker_service: + project_src: /srv/influx/ + state: present diff --git a/warpsrvint/docker_influx/templates/docker-compose.yml b/warpsrvint/docker_influx/templates/docker-compose.yml new file mode 100644 index 0000000000000000000000000000000000000000..ae6ed6f5c4f5c39f89cece696471bbc6dce0941a --- /dev/null +++ b/warpsrvint/docker_influx/templates/docker-compose.yml @@ -0,0 +1,22 @@ +version: "3" + +services: + + sysmon: + + image: influxdb:1.5.3 + restart: always + ports: + - 0.0.0.0:18086:8086 + volumes: + - /srv/influx/sysmon/:/var/lib/influxdb + environment: + INFLUXDB_DB: "{{influxdb_sysmon.db}}" + INFLUXDB_ADMIN_USER: "admin" + INFLUXDB_ADMIN_PASSWORD: "{{ influx_admin_pw }}" + INFLUXDB_USER: "{{influxdb_sysmon.user}}" + INFLUXDB_USER_PASSWORD: "{{influxdb_sysmon.password}}" + INFLUXDB_HTTP_AUTH_ENABLED: "true" + + + diff --git a/warpsrvint/docker_influx/templates/influx_sysmon.sh b/warpsrvint/docker_influx/templates/influx_sysmon.sh new file mode 100644 index 0000000000000000000000000000000000000000..767ceb2e8e11f7bba2f027e68111c694a52bd4ef --- /dev/null 
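Review bot: The `Script-Dateien erstellen` task writes `influx_sysmon.sh` — which the template in this commit fills with `{{ influx_admin_pw }}` — with `mode: "o+rwx"`, producing a file that holds the InfluxDB admin password readable and writable by every local account, and a world-writable script that an administrator later executes as their own user. Use `mode: "0700"` together with `owner: root`; the same `o+rwx` pattern appears in the `docker_kapacitor` tasks hunk further down for its three helper scripts, which hold no secret but are still world-writable. The `Konfig-Dateien erstellen` task writing `docker-compose.yml`, which embeds the admin and user passwords, sets no mode at all; `mode: "0600"` is appropriate there. `include:` for task files is deprecated in favour of `include_tasks:` / `import_tasks:`.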
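Review bot: The `ports` entry `0.0.0.0:18086:8086` publishes the InfluxDB HTTP listener on every interface of the host, while the `url` in `group_vars/all` shows clients only reach it via `192.168.0.201`; binding to that address (`- 192.168.0.201:18086:8086`) keeps the plain-HTTP, password-authenticated endpoint off any other network the host is attached to. Publishing through Docker also bypasses host `INPUT`-chain rules for that port, so a firewall rule alone may not close it. Note that the accounts created from `INFLUXDB_ADMIN_USER` / `INFLUXDB_USER` are, as far as I know, only set up when the data volume is initialised for the first time, so a later change to `influxdb_sysmon.password` in group_vars will not be applied to an existing database — worth a comment above the `environment:` block.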
+++ b/warpsrvint/docker_influx/templates/influx_sysmon.sh @@ -0,0 +1,5 @@ +#!/bin/sh +# Influx Admin Konsole +# Usage: ./influx_sysmon.sh + +docker-compose exec sysmon influx -database "{{influxdb_sysmon.db}}" -password "{{ influx_admin_pw }}" -username "admin" diff --git a/warpsrvint/docker_influxdb/tasks/main.yml b/warpsrvint/docker_influxdb/tasks/main.yml deleted file mode 100644 index 6c3054a825adaf92ea0b125958e7e75dbdf89531..0000000000000000000000000000000000000000 --- a/warpsrvint/docker_influxdb/tasks/main.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -- name: create folder struct for influxdb - file: - path: "{{ item }}" - state: "directory" - with_items: - - "/srv/influxdb/" - - "/srv/influxdb/data/" - -- name: Docker Compose Konfig-Datei erstellen - template: - src: "docker-compose.yml" - dest: "/srv/influxdb/docker-compose.yml" - -- name: start influxdb docker - docker_service: - project_src: /srv/influxdb/ - state: present diff --git a/warpsrvint/docker_influxdb/templates/docker-compose.yml b/warpsrvint/docker_influxdb/templates/docker-compose.yml deleted file mode 100644 index 2a6d208a01ef91f0c079ed1b7cf6c371aecd52ef..0000000000000000000000000000000000000000 --- a/warpsrvint/docker_influxdb/templates/docker-compose.yml +++ /dev/null @@ -1,16 +0,0 @@ -version: "3" - -services: - - db: - - image: influxdb:1.5.1 - restart: always - ports: - - 8086:8086 - - 2003:2003 - volumes: - - /srv/influxdb/data/:/var/lib/influxdb - environment: - INFLUXDB_GRAPHITE_ENABLED: "true" - diff --git a/warpsrvint/docker_kapacitor/handlers/main.yaml b/warpsrvint/docker_kapacitor/handlers/main.yaml new file mode 100644 index 0000000000000000000000000000000000000000..04e217e8ec0446626eb8fcfb9a10df04c927263a --- /dev/null +++ b/warpsrvint/docker_kapacitor/handlers/main.yaml @@ -0,0 +1,7 @@ +--- + +- name: restart kapacitor docker + docker_service: + project_src: /srv/kapacitor/ + state: present + restarted: yes 
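Review bot: The `docker-compose exec ... -password "{{ influx_admin_pw }}"` line puts the admin password on the command line, so for the life of the console session it is visible to every local user via `ps`, and since the tasks hunk installs the script `o+rwx` the secret is also readable straight from `/srv/influx/influx_sysmon.sh`. For an interactive admin console the simplest fix is to stop rendering the secret into the script and let the client prompt: `docker-compose exec sysmon influx -database "{{influxdb_sysmon.db}}" -username "admin" -password ''` (an empty `-password` makes the 1.x `influx` client ask interactively); alternatively set `INFLUX_PASSWORD` in the container environment via the compose file, which the 1.x client also honours. Either way the rendered script no longer needs to contain the password.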
diff --git a/warpsrvint/docker_kapacitor/tasks/main.yaml b/warpsrvint/docker_kapacitor/tasks/main.yaml new file mode 100644 index 0000000000000000000000000000000000000000..d888c731d3eae5b9eea23955c8d7b69d0c3a1e78 --- /dev/null +++ b/warpsrvint/docker_kapacitor/tasks/main.yaml @@ -0,0 +1,58 @@ +--- +- include: ../functions/get_secret.yml + with_items: + - { path: /srv/influx/influx_admin_pw, length: 24 } + - { path: /srv/kapacitor/alerta_token, length: -1 } + +- name: create folder struct for kapacitor + file: + path: "{{ item }}" + state: "directory" + with_items: + - /srv/kapacitor/ + - /srv/kapacitor/data/ + - /srv/kapacitor/load/ + - /srv/kapacitor/load/tasks/ + - /srv/kapacitor/load/templates/ + - /srv/kapacitor/load/handlers/ + + +- name: Konfig-Dateien erstellen + template: + src: "{{ item }}" + dest: "/srv/kapacitor/{{ item }}" + with_items: + - docker-compose.yml + - kapacitor.conf + notify: restart kapacitor docker + +- name: Script-Dateien erstellen + template: + src: "{{ item }}" + dest: "/srv/kapacitor/{{ item }}" + mode: "o+rwx" + with_items: + - kapacitor_listtasks.sh + - kapacitor_show.sh + - kapacitor_watch.sh + +- name: Kapacitor-Tasks erstellen + template: + src: "{{ item }}" + dest: "/srv/kapacitor/load/tasks/{{ item }}" + with_items: + - task_cpu_high.tick + - task_disk_low.tick + - task_load1_high.tick + - task_load5_high.tick + - task_load15_high.tick + - task_mem_used.tick + - task_notraffic_globe.tick + - task_notraffic_telekom.tick + notify: restart kapacitor docker + + +- name: start kapacitor docker + docker_service: + project_src: /srv/kapacitor/ + state: present diff --git a/warpsrvint/docker_kapacitor/templates/docker-compose.yml b/warpsrvint/docker_kapacitor/templates/docker-compose.yml new file mode 100644 index 0000000000000000000000000000000000000000..1266c2c501a5852791f4383c9db5e6371c07e248 --- /dev/null +++ b/warpsrvint/docker_kapacitor/templates/docker-compose.yml 
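Review bot: The `Konfig-Dateien erstellen` task renders `kapacitor.conf`, which the template in this commit fills with `{{ influx_admin_pw }}` and `{{ alerta_token }}`, without any `owner`/`mode`, so the InfluxDB admin password and the Alerta API token are written with the default umask and are likely readable by every local account; add `owner: root` and `mode: "0600"` if the container process runs as root, or `"0640"` with the container's UID as group — confirm which user the image runs `kapacitord` as. The `get_secret.yml` include with `length: -1` for `alerta_token` presumably means "read an existing secret, never generate one"; a one-line comment stating that would save the next reader a trip into the include. `include:` is deprecated for task files; `include_tasks:` is the current form. This role uses `main.yaml` while the sibling roles use `main.yml`; both load, but one extension keeps the tree greppable.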
@@ -0,0 +1,14 @@ +version: "3" + +services: + + app: + + image: kapacitor:1.5 + restart: always + ports: + - 0.0.0.0:9092:9092 + volumes: + - /srv/kapacitor/kapacitor.conf:/etc/kapacitor/kapacitor.conf:ro + - /srv/kapacitor/data/:/var/lib/kapacitor/ + - /srv/kapacitor/load/:/etc/kapacitor/load diff --git a/warpsrvint/docker_kapacitor/templates/kapacitor.conf b/warpsrvint/docker_kapacitor/templates/kapacitor.conf new file mode 100644 index 0000000000000000000000000000000000000000..65e62af556a824f9edd02363743874704024d307 --- /dev/null +++ b/warpsrvint/docker_kapacitor/templates/kapacitor.conf 
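Review bot: `0.0.0.0:9092:9092` publishes the Kapacitor HTTP API on every interface, and the accompanying `kapacitor.conf` has `https-enabled = false` and no authentication configured, so anyone who can reach that port can read and redefine every task and handler; bind the port to the address the config already declares as `hostname` (`- 10.5.0.111:9092:9092`) so only InfluxDB on the monitoring network can push subscription data to it. Publishing through Docker also sidesteps host `INPUT` firewall rules for that port. If `10.5.0.111` is an address of this host, carrying it in an Ansible variable shared with the `hostname` line in the config would keep the two from drifting.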
@@ -0,0 +1,232 @@ + +# The hostname of this node. +# Must be resolvable by any configured InfluxDB hosts. +hostname = "10.5.0.111" + +# Directory for storing a small amount of metadata about the server. +data_dir = "/var/lib/kapacitor" + +# Do not apply configuration overrides during startup. +# Useful if the configuration overrides cause Kapacitor to fail startup. +# This option is intended as a safe guard and should not be needed in practice. +skip-config-overrides = true + +# Default retention-policy, if a write is made to Kapacitor and +# it does not have a retention policy associated with it, +# then the retention policy will be set to this value +default-retention-policy = "" + + +[http] + # HTTP API Server for Kapacitor + # This server is always on, + # it serves both as a write endpoint + # and as the API endpoint for all other + # Kapacitor calls. + bind-address = ":9092" + log-enabled = true + write-tracing = false + pprof-enabled = false + https-enabled = false + + +[config-override] + # Enable/Disable the service for overridding configuration via the HTTP API. + enabled = true + + +[logging] + # Destination for logs + # Can be a path to a file or 'STDOUT', 'STDERR'. + file = "STDOUT" + # Logging level can be one of: + # DEBUG, INFO, ERROR + # HTTP logging can be disabled in the [http] config section. + level = "INFO" + + +[load] + # Enable/Disable the service for loading tasks/templates/handlers + # from a directory + enabled = true + # Directory where task/template/handler files are set + dir = "/etc/kapacitor/load" + + +[replay] + # Where to store replay files, aka recordings. + dir = "/var/lib/kapacitor/replay" + + +[task] + # Where to store the tasks database + # DEPRECATED: This option is not needed for new installations. + # It is only used to determine the location of the task.db file + # for migrating to the new `storage` service. + dir = "/var/lib/kapacitor/tasks" + # How often to snapshot running task state. 
+ snapshot-interval = "60s" + + +[storage] + # Where to store the Kapacitor boltdb database + boltdb = "/var/lib/kapacitor/kapacitor.db" + + +[deadman] + # Configure a deadman's switch + # Globally configure deadman's switches on all tasks. + # NOTE: for this to be of use you must also globally configure at least one alerting method. + global = false + # Threshold, if globally configured the alert will be triggered if the throughput in points/interval is <= threshold. + threshold = 5.0 + # Interval, if globally configured the frequency at which to check the throughput. + interval = "10s" + {% raw %} + # Id -- the alert Id, NODE_NAME will be replaced with the name of the node being monitored. + id = "node 'NODE_NAME' in task '{{ .TaskName }}'" + # The message of the alert. INTERVAL will be replaced by the interval. + message = "{{ .ID }} is {{ if eq .Level \"OK\" }}alive{{ else }}dead{{ end }}: {{ index .Fields \"collected\" | printf \"%0.3f\" }} points/INTERVAL." + {% endraw %} + +# Multiple InfluxDB configurations can be defined. +# Exactly one must be marked as the default. +# Each one will be given a name and can be referenced in batch queries and InfluxDBOut nodes. +[[influxdb]] + # Connect to an InfluxDB cluster + # Kapacitor can subscribe, query and write to this cluster. + # Using InfluxDB is not required and can be disabled. + enabled = true + default = true + name = "sysmon" + urls = [ "{{ influxdb_sysmon.url }}" ] + username = "admin" + password = "{{ influx_admin_pw }}" + timeout = 0 + + # Do not verify the TLS/SSL certificate. + # This is insecure. + insecure-skip-verify = false + + # Maximum time to try and connect to InfluxDB during startup + startup-timeout = "5m" + + # Turn off all subscriptions + disable-subscriptions = false + + # Subscription mode is either "cluster" or "server" + subscription-mode = "server" + + # Which protocol to use for subscriptions + # one of 'udp', 'http', or 'https'. 
+ subscription-protocol = "http" + + # Subscriptions resync time interval + # Useful if you want to subscribe to new created databases + # without restart Kapacitord + subscriptions-sync-interval = "1m0s" + + # Override the global hostname option for this InfluxDB cluster. + # Useful if the InfluxDB cluster is in a separate network and + # needs special config to connect back to this Kapacitor instance. + # Defaults to `hostname` if empty. + kapacitor-hostname = "" + + # Override the global http port option for this InfluxDB cluster. + # Useful if the InfluxDB cluster is in a separate network and + # needs special config to connect back to this Kapacitor instance. + # Defaults to the port from `[http] bind-address` if 0. + http-port = 0 + + # Host part of a bind address for UDP listeners. + # For example if a UDP listener is using port 1234 + # and `udp-bind = "hostname_or_ip"`, + # then the UDP port will be bound to `hostname_or_ip:1234` + # The default empty value will bind to all addresses. + udp-bind = "" + # Subscriptions use the UDP network protocl. + # The following options of for the created UDP listeners for each subscription. + # Number of packets to buffer when reading packets off the socket. + udp-buffer = 1000 + # The size in bytes of the OS read buffer for the UDP socket. + # A value of 0 indicates use the OS default. + udp-read-buffer = 0 + + [influxdb.subscriptions] + # Set of databases and retention policies to subscribe to. + # If empty will subscribe to all, minus the list in + # influxdb.excluded-subscriptions + # + # Format + # db_name = <list of retention policies> + # + # Example: + # my_database = [ "default", "longterm" ] + [influxdb.excluded-subscriptions] + # Set of databases and retention policies to exclude from the subscriptions. + # If influxdb.subscriptions is empty it will subscribe to all + # except databases listed here. 
+ # + # Format + # db_name = <list of retention policies> + # + # Example: + # my_database = [ "default", "longterm" ] + + +[alerta] + # Configure Alerta. + enabled = true + # The Alerta URL. + url = "https://alerta.warpzone.ms/api" + # Default authentication token. + token = "{{ alerta_token }}" + # Default token prefix + # If you are on older versions of alerta you may need to change this to "Key" + token-prefix = "Key" + # Default environment. + environment = "warpzone" + # Default origin. + origin = "Kapacitor" + + +[udf] +# Configuration for UDFs (User Defined Functions) +[udf.functions] + # Example go UDF. + # First compile example: + # go build -o avg_udf ./udf/agent/examples/moving_avg.go + # + # Use in TICKscript like: + # stream.goavg() + # .field('value') + # .size(10) + # .as('m_average') + # + # uncomment to enable + #[udf.functions.goavg] + # prog = "./avg_udf" + # args = [] + # timeout = "10s" + + # Example python UDF. + # Use in TICKscript like: + # stream.pyavg() + # .field('value') + # .size(10) + # .as('m_average') + # + # uncomment to enable + #[udf.functions.pyavg] + # prog = "/usr/bin/python2" + # args = ["-u", "./udf/agent/examples/moving_avg.py"] + # timeout = "10s" + # [udf.functions.pyavg.env] + # PYTHONPATH = "./udf/agent/py" + + # Example UDF over a socket + #[udf.functions.myCustomUDF] + # socket = "/path/to/socket" + # timeout = "10s" + + diff --git a/warpsrvint/docker_kapacitor/templates/kapacitor_listtasks.sh b/warpsrvint/docker_kapacitor/templates/kapacitor_listtasks.sh new file mode 100644 index 0000000000000000000000000000000000000000..1a279f21bb703245d4356e34cefc0109466b0b22 --- /dev/null +++ b/warpsrvint/docker_kapacitor/templates/kapacitor_listtasks.sh @@ -0,0 +1,5 @@ +#!/bin/sh +# Show Kapacitor Tasks +# Usage: ./kapacitor_listtasks.sh + +docker-compose exec app kapacitor list tasks 
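Review bot: `[config-override] enabled = true` keeps the HTTP endpoint for rewriting the running configuration (including the `[[influxdb]]` and `[alerta]` credential sections) switched on, while `skip-config-overrides = true` near the top of the file means any such override is ignored at the next startup anyway, so the setting only adds a writable surface on an unauthenticated, plain-HTTP listener; set `enabled = false` unless overrides are really going to be used. `hostname = "10.5.0.111"` is hard-coded where the Telegraf template in this commit uses `{{ inventory_hostname }}`; the value has to match the address InfluxDB reaches Kapacitor on, so an Ansible variable shared with the port binding in the compose file is the safer way to carry it. `write-tracing = false` and `pprof-enabled = false` are the right defaults to keep on an exposed listener.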
diff --git a/warpsrvint/docker_kapacitor/templates/kapacitor_show.sh b/warpsrvint/docker_kapacitor/templates/kapacitor_show.sh new file mode 100644 index 0000000000000000000000000000000000000000..152f907a318e786540fc3d5c0059a494e1d917a5 --- /dev/null +++ b/warpsrvint/docker_kapacitor/templates/kapacitor_show.sh @@ -0,0 +1,5 @@ +#!/bin/sh +# Show Kapacitor Task +# Usage: ./kapacitor_show.sh <task> + +docker-compose exec app kapacitor show $1 diff --git a/warpsrvint/docker_kapacitor/templates/kapacitor_watch.sh b/warpsrvint/docker_kapacitor/templates/kapacitor_watch.sh new file mode 100644 index 0000000000000000000000000000000000000000..f1dece53b88916da87965cebbace97f7afa948fd --- /dev/null +++ b/warpsrvint/docker_kapacitor/templates/kapacitor_watch.sh @@ -0,0 +1,8 @@ +#!/bin/sh +# Show Kapacitor Task Logs +# Usage: ./kapacitor_watch.sh <task> + +docker-compose exec app kapacitor show $1 + +docker-compose exec app kapacitor reload $1 +docker-compose exec app kapacitor watch $1 diff --git a/warpsrvint/docker_kapacitor/templates/task_cpu_high.tick b/warpsrvint/docker_kapacitor/templates/task_cpu_high.tick new file mode 100644 index 0000000000000000000000000000000000000000..7c56e993f211bd290d2c7a512ff4bb5747aedfae --- /dev/null +++ b/warpsrvint/docker_kapacitor/templates/task_cpu_high.tick @@ -0,0 +1,24 @@ + + +dbrp "{{ influxdb_sysmon.db }}"."autogen" + + +var data =batch + |query(''' SELECT mean("usage_user") + mean("usage_system") + mean("usage_iowait") AS value FROM "{{ influxdb_sysmon.db }}"."autogen"."cpu" ''') + .period(5m) + .every(30s) + .fill('linear') + .groupBy('host') + +{% raw %} + +data + |alert() + .id('{{ index .Tags "host"}}/cpu_high') + .message('{{ .ID }}:{{ index .Fields "value" }}') + .info(lambda: "value" > 60 ) + .warn(lambda: "value" > 80 ) + .crit(lambda: "value" > 90 ) + .alerta() + +{% endraw %} 
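Review bot: `$1` is unquoted in `docker-compose exec app kapacitor show $1` (and in all three commands of `kapacitor_watch.sh` in the next hunk), so a task name containing whitespace or glob characters is split or expanded by the shell before it reaches `kapacitor`; write `"$1"` in each. Neither script checks that an argument was given, so running them bare passes an empty task name; a guard such as `[ -n "$1" ] || { echo "Usage: $0 <task>" >&2; exit 1; }` after the shebang would back up the `Usage:` comment already there. `kapacitor_watch.sh` also runs `reload` before `watch`, a side effect its header comment ("Show Kapacitor Task Logs") should mention.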
diff --git a/warpsrvint/docker_kapacitor/templates/task_disk_low.tick b/warpsrvint/docker_kapacitor/templates/task_disk_low.tick
new file mode 100644
index 0000000000000000000000000000000000000000..38b46e17e93936812e213512a95ad1bcf50e3eec
--- /dev/null
+++ b/warpsrvint/docker_kapacitor/templates/task_disk_low.tick
@@ -0,0 +1,24 @@
+
+
+dbrp "{{ influxdb_sysmon.db }}"."autogen"
+
+
+var data =batch
+ |query(''' SELECT (mean("total") - mean("free")) / mean("total") * 100 AS value FROM "{{ influxdb_sysmon.db }}"."autogen"."disk" WHERE path = "/"' or path = "/srv" ''')
+ .period(5m)
+ .every(30s)
+ .fill('linear')
+ .groupBy('host','path')
+
+{% raw %}
+
+data
+ |alert()
+ .id('{{ index .Tags "host"}}::{{ index .Tags "path" }}::disk_low')
+ .message('{{ .ID }}::{{ index .Fields "value" }}')
+ .info(lambda: "value" > 80 )
+ .warn(lambda: "value" > 95 )
+ .crit(lambda: "value" > 98 )
+ .alerta()
+
+{% endraw %}
diff --git a/warpsrvint/docker_kapacitor/templates/task_load15_high.tick b/warpsrvint/docker_kapacitor/templates/task_load15_high.tick
new file mode 100644
index 0000000000000000000000000000000000000000..f35252169a1905c4e82c32937771f5ddf590fbbb
--- /dev/null
+++ b/warpsrvint/docker_kapacitor/templates/task_load15_high.tick
@@ -0,0 +1,24 @@
+
+
+dbrp "{{ influxdb_sysmon.db }}"."autogen"
+
+
+var data =batch
+ |query(''' SELECT mean(load15) AS value FROM "{{ influxdb_sysmon.db }}"."autogen"."system" ''')
+ .period(5m)
+ .every(30s)
+ .fill('linear')
+ .groupBy('host')
+
+{% raw %}
+
+data
+ |alert()
+ .id('{{ index .Tags "host"}}/load15_high')
+ .message('{{ .ID }}:{{ index .Fields "value" }}')
+ .info(lambda: "value" > 4 )
+ .warn(lambda: "value" > 8 )
+ .crit(lambda: "value" > 16 )
+ .alerta()
+
+{% endraw %}
diff --git a/warpsrvint/docker_kapacitor/templates/task_load1_high.tick b/warpsrvint/docker_kapacitor/templates/task_load1_high.tick
new file mode 100644
index 0000000000000000000000000000000000000000..ebd775b7b1520f03889370eb5a65654fd76346b9
--- /dev/null
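Review bot: The WHERE clause in task_disk_low.tick, `WHERE path = "/"' or path = "/srv"`, has a stray single quote after `"/"` and double-quotes the tag values; in InfluxQL double quotes denote identifiers and tag/string values must be single-quoted, so as written the query is not valid InfluxQL and the task will not produce the disk alerts it is meant to. The intended clause is presumably `WHERE "path" = '/' OR "path" = '/srv'`, which is also the style the task_notraffic_*.tick files use correctly (`"interface" = 'igb1'`). Worth checking with `kapacitor show` after defining the task that the query is accepted.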
+++ b/warpsrvint/docker_kapacitor/templates/task_load1_high.tick
@@ -0,0 +1,24 @@
+
+
+dbrp "{{ influxdb_sysmon.db }}"."autogen"
+
+
+var data =batch
+ |query(''' SELECT mean(load1) AS value FROM "{{ influxdb_sysmon.db }}"."autogen"."system" ''')
+ .period(5m)
+ .every(30s)
+ .fill('linear')
+ .groupBy('host')
+
+{% raw %}
+
+data
+ |alert()
+ .id('{{ index .Tags "host"}}/load1_high')
+ .message('{{ .ID }}:{{ index .Fields "value" }}')
+ .info(lambda: "value" > 6 )
+ .warn(lambda: "value" > 12 )
+ .crit(lambda: "value" > 24 )
+ .alerta()
+
+{% endraw %}
diff --git a/warpsrvint/docker_kapacitor/templates/task_load5_high.tick b/warpsrvint/docker_kapacitor/templates/task_load5_high.tick
new file mode 100644
index 0000000000000000000000000000000000000000..f44c8d3e16721db781f24c1c9bb7fff38928a8c0
--- /dev/null
+++ b/warpsrvint/docker_kapacitor/templates/task_load5_high.tick
@@ -0,0 +1,24 @@
+
+
+dbrp "{{ influxdb_sysmon.db }}"."autogen"
+
+
+var data =batch
+ |query(''' SELECT mean(load5) AS value FROM "{{ influxdb_sysmon.db }}"."autogen"."system" ''')
+ .period(5m)
+ .every(30s)
+ .fill('linear')
+ .groupBy('host')
+
+{% raw %}
+
+data
+ |alert()
+ .id('{{ index .Tags "host"}}/load5_high')
+ .message('{{ .ID }}:{{ index .Fields "value" }}')
+ .info(lambda: "value" > 5 )
+ .warn(lambda: "value" > 10 )
+ .crit(lambda: "value" > 20 )
+ .alerta()
+
+{% endraw %}
diff --git a/warpsrvint/docker_kapacitor/templates/task_mem_used.tick b/warpsrvint/docker_kapacitor/templates/task_mem_used.tick
new file mode 100644
index 0000000000000000000000000000000000000000..4b443a4d89b3bfdad63ddc4f3e7a0a3e3517fee3
--- /dev/null
+++ b/warpsrvint/docker_kapacitor/templates/task_mem_used.tick
@@ -0,0 +1,24 @@
+
+
+dbrp "{{ influxdb_sysmon.db }}"."autogen"
+
+
+var data =batch
+ |query(''' SELECT mean("used_percent") AS value FROM "{{ influxdb_sysmon.db }}"."autogen"."mem" ''')
+ .period(5m)
+ .every(30s)
+ .fill('linear')
+ .groupBy('host')
+
+{% raw %}
+
+data
+ |alert()
+ .id('{{ index .Tags "host"}}/mem_used')
+ .message('{{ .ID }}:{{ index .Fields "value" }}')
+ .info(lambda: "value" > 85 )
+ .warn(lambda: "value" > 90 )
+ .crit(lambda: "value" > 95 )
+ .alerta()
+
+{% endraw %}
diff --git a/warpsrvint/docker_kapacitor/templates/task_notraffic_globe.tick b/warpsrvint/docker_kapacitor/templates/task_notraffic_globe.tick
new file mode 100644
index 0000000000000000000000000000000000000000..805cf32aed73503ca2d12a9aa2ecadbe7d88cf33
--- /dev/null
+++ b/warpsrvint/docker_kapacitor/templates/task_notraffic_globe.tick
@@ -0,0 +1,18 @@
+
+
+dbrp "{{ influxdb_sysmon.db }}"."autogen"
+
+var data =batch
+ |query(''' SELECT sum("packets_recv") AS value FROM "{{ influxdb_sysmon.db }}"."autogen"."net" WHERE ("interface" = 'igb1') ''')
+ .period(5m)
+ .every(30s)
+
+{% raw %}
+
+data
+ |alert()
+ .id('No Traffic for 5m on Globe')
+ .crit(lambda: "value" > 9 )
+ .alerta()
+
+{% endraw %}
diff --git a/warpsrvint/docker_kapacitor/templates/task_notraffic_telekom.tick b/warpsrvint/docker_kapacitor/templates/task_notraffic_telekom.tick
new file mode 100644
index 0000000000000000000000000000000000000000..b8f21cb47f117cc102a822c2402ecd2eba346bb0
--- /dev/null
+++ b/warpsrvint/docker_kapacitor/templates/task_notraffic_telekom.tick
@@ -0,0 +1,18 @@
+
+
+dbrp "{{ influxdb_sysmon.db }}"."autogen"
+
+var data =batch
+ |query(''' SELECT sum("packets_recv") AS value FROM "{{ influxdb_sysmon.db }}"."autogen"."net" WHERE ("interface" = 'igb0') ''')
+ .period(5m)
+ .every(30s)
+
+{% raw %}
+
+data
+ |alert()
+ .id('No Traffic for 5m on Telekom')
+ .crit(lambda: "value" > 9 )
+ .alerta()
+
+{% endraw %}
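Review bot: The alert in task_notraffic_globe.tick is named "No Traffic for 5m on Globe", but `.crit(lambda: "value" > 9 )` fires when packets were received on igb1, i.e. when there is traffic; unless this is a deliberate smoke test, the comparison looks inverted and something like `.crit(lambda: "value" < 10 )` is what the name implies. If `packets_recv` is the telegraf net input's cumulative interface counter, `sum(...)` over a 5m window also grows monotonically instead of reflecting traffic in that window, so a difference/derivative would be needed for either direction of the threshold. The genuine no-traffic case where the window returns no points at all never produces an alert with this structure; Kapacitor's `|deadman()` node is designed for exactly that.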
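Review bot: task_notraffic_telekom.tick has the same inverted-looking condition as the Globe task: `.crit(lambda: "value" > 9 )` goes critical when igb0 did receive packets, contradicting the id "No Traffic for 5m on Telekom". Confirm the intent and, if absence of traffic is what should page, invert it to `.crit(lambda: "value" < 10 )` and consider a `|deadman()` node for the case where no points arrive at all, since an empty batch window fires nothing here. Keeping both tasks identical apart from the interface makes a templated Kapacitor task with an `interface` var a tidier option than two copies.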
diff --git a/warpsrvint/main.yml b/warpsrvint/main.yml index c9c79a23c1be3d4bc4c51c9f6d6cfdc710270b27..796cbd87d63755b4a51789810a9b829333742e4e 100644 --- a/warpsrvint/main.yml +++ b/warpsrvint/main.yml @@ -5,12 +5,13 @@ roles: - { role: ../common/borgbackup, tags: borgbackup } - { role: ../common/borgserver, tags: borgserver } - - { role: ../common/prometheus-node, tags: prometheus-node } - { role: ../common/docker, tags: docker } + - { role: ../common/telegraf, tags: telegraf } - { role: nginx, tags: nginx } - { role: docker_grafana, tags: grafana } - - { role: docker_influxdb, tags: influxdb } + - { role: docker_influx, tags: influx } - { role: docker_iobroker, tags: iobroker } + - { role: docker_kapacitor, tags: kapacitor } - { role: docker_librenms, tags: librenms } - { role: docker_l4z0r, tags: l4z0r } # - { role: docker_ldap, tags: ldap } diff --git a/webserver/docker_alerta/handlers/main.yml b/webserver/docker_alerta/handlers/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..57d4fb785e9c699dbaa9faf5697c8cea5d410b81 --- /dev/null +++ b/webserver/docker_alerta/handlers/main.yml @@ -0,0 +1,7 @@ +--- + +- name: restart alerta docker + docker_service: + project_src: /srv/alerta/ + state: present + restarted: yes diff --git a/webserver/docker_alerta/tasks/main.yml b/webserver/docker_alerta/tasks/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..2dda680d86e10d8975ed41b08efabaf43ac1f3fa --- /dev/null +++ b/webserver/docker_alerta/tasks/main.yml 
@@ -0,0 +1,45 @@
+---
+
+- include: ../functions/get_secret.yml
+ with_items:
+ - { path: /srv/alerta/alerta_secret_key, length: 24 }
+ - { path: /srv/alerta/alerta_oauth_client_secret, length: -1 }
+ - { path: /srv/alerta/alerta_token, length: -1 }
+ - { path: /srv/alerta/telegram_token, length: -1 }
+ - { path: /srv/alerta/telegram_chatid, length: -1 }
+
+
+- name: create folder struct for alerta
+ file:
+ path: "{{ item }}"
+ state: "directory"
+ with_items:
+ - /srv/alerta/
+ - /srv/alerta/db/
+
+
+- name: Konfig-Dateien erstellen
+ template:
+ src: "{{ item }}"
+ dest: "/srv/alerta/{{ item }}"
+ with_items:
+ - docker-compose.yml
+ - alertad.conf
+ - config.js
+ - telegram.txt
+ notify: restart alerta docker
+
+
+- name: Script-Dateien erstellen
+ template:
+ src: "{{ item }}"
+ dest: "/srv/alerta/{{ item }}"
+ mode: "o+rwx"
+ with_items:
+ - testalert.sh
+
+
+- name: start alerta docker
+ docker_service:
+ project_src: /srv/alerta/
+ state: present
diff --git a/webserver/docker_alerta/templates/alertad.conf b/webserver/docker_alerta/templates/alertad.conf
new file mode 100644
index 0000000000000000000000000000000000000000..f07264071d5df9c9a890948a37fd2b65176a7a9c
--- /dev/null
+++ b/webserver/docker_alerta/templates/alertad.conf
@@ -0,0 +1,25 @@
+
+DEBUG = False
+PLUGINS = [ 'blackout','normalise','reject','telegram' ]
+
+SENDER_API_ALLOW = 'ON'
+BLACKOUT_DURATION = 43200
+ALLOWED_ENVIRONMENTS = [ 'warpzone' ]
+
+KEYCLOAK_URL = 'https://auth.warpzone.ms'
+KEYCLOAK_REALM = 'master'
+OAUTH2_CLIENT_ID = 'alerta-ui'
+OAUTH2_CLIENT_SECRET = '{{ alerta_oauth_client_secret }}'
+ALLOWED_KEYCLOAK_ROLES = [ '*' ]
+
+SECRET_KEY = '{{ alerta_secret_key }}'
+DATABASE_URL = 'postgres://alerta:alerta@db:5432/alerta'
+
+AUTH_REQUIRED = True
+ADMIN_USERS = [ '' ]
+
+CUSTOMER_VIEWS = False
+
+TELEGRAM_TOKEN = '{{ telegram_token }}'
+TELEGRAM_CHAT_ID = '{{ telegram_chatid }}'
+TELEGRAM_TEMPLATE = "/app/telegram.txt"
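Review bot: `mode: "o+rwx"` in the "Script-Dateien erstellen" task makes /srv/alerta/testalert.sh world-readable and world-writable, and the rendered script embeds the `alerta_token` API key in its Authorization header, so any local account can read the key and can also rewrite a script an operator later runs as root. Use an owner-only executable mode such as `mode: "0750"`. The "Konfig-Dateien erstellen" task sets no mode at all although alertad.conf carries SECRET_KEY, the OAuth client secret and the Telegram token; add `mode: "0640"` there rather than relying on the umask.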
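Review bot: `DATABASE_URL = 'postgres://alerta:alerta@db:5432/alerta'` hardcodes the database password even though the role already fetches a generated secret through get_secret.yml for every other credential; adding a `/srv/alerta/postgres_user_pass` entry there and templating it into both this URL and the compose file's POSTGRES_PASSWORD keeps the two in sync without a literal password in the repo. `ALLOWED_KEYCLOAK_ROLES = [ '*' ]` combined with `AUTH_REQUIRED = True` admits every account in the Keycloak 'master' realm, and `ADMIN_USERS = [ '' ]` declares an empty login as admin; if broad access is not intended, restrict the roles to a dedicated alerta role and list real admin logins. A one-line comment on each of these settings stating that the openness is deliberate would help the next reader either way.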
diff --git a/webserver/docker_alerta/templates/config.js b/webserver/docker_alerta/templates/config.js
new file mode 100644
index 0000000000000000000000000000000000000000..6882bfc8b89298220e7aa35dd3f9aa41c88ca16d
--- /dev/null
+++ b/webserver/docker_alerta/templates/config.js
@@ -0,0 +1,18 @@
+'use strict';
+
+angular.module('config', [])
+ .constant('config', {
+ 'endpoint' : "https://"+window.location.hostname+"/api",
+ 'provider' : "keycloak", // google, github, gitlab, saml2 or basic
+ 'client_id' : "alerta-ui",
+ 'keycloak_url': "https://auth.warpzone.ms",
+ 'keycloak_realm': "master",
+
+ 'dates': {
+ 'shortTime' : 'HH:MM',
+ 'mediumDate': 'd.MM.yyyy',
+ 'longDate' : 'EEEE, MMMM d, yyyy HH:MM ss.sss (Z)' // Tuesday, April 26, 2016 13:39:43.987 (+0100)
+ },
+
+ 'refresh_interval': 30000 // Auto-refresh interval set to 30 seconds
+});
diff --git a/webserver/docker_alerta/templates/docker-compose.yml b/webserver/docker_alerta/templates/docker-compose.yml
new file mode 100644
index 0000000000000000000000000000000000000000..3485d59256bf6ef91ed4f607425b4be098dc32ad
--- /dev/null
+++ b/webserver/docker_alerta/templates/docker-compose.yml
@@ -0,0 +1,32 @@
+
+
+version: "3"
+
+services:
+
+ app:
+
+ image: alerta/alerta-web:5.2.4
+ restart: always
+ ports:
+ - 0.0.0.0:42008:8080
+ volumes:
+ - /srv/alerta/alertad.conf:/app/alertad.conf
+ - /srv/alerta/telegram.txt:/app/telegram.txt
+ - /srv/alerta/config.js:/web/config.js
+ depends_on:
+ - db
+ environment:
+ INSTALL_PLUGINS: "normalise,telegram"
+
+
+ db:
+
+ image: postgres
+ restart: always
+ volumes:
+ - /srv/alerta/db:/var/lib/postgresql/data
+ environment:
+ POSTGRES_DB: alerta
+ POSTGRES_USER: alerta
+ POSTGRES_PASSWORD: alerta
diff --git a/webserver/docker_alerta/templates/telegram.txt b/webserver/docker_alerta/templates/telegram.txt
new file mode 100644
index 0000000000000000000000000000000000000000..f5fdb991da1fef5fc3549e4b72f3272222d5e4cc
--- /dev/null
+++ b/webserver/docker_alerta/templates/telegram.txt
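Review bot: `- 0.0.0.0:42008:8080` publishes the Alerta API and UI on every interface over plain HTTP, bypassing the nginx TLS termination that proxies to 127.0.0.1:42008, whereas the hackmd and keycloak compose files in this same change bind to `127.0.0.1:...`; change it to `- "127.0.0.1:42008:8080"` (quoted, so YAML does not mis-type the port mapping). The `db` service uses the unpinned `postgres` image while the app is pinned to 5.2.4, so a future pull of a new PostgreSQL major version will not start against the existing /srv/alerta/db data directory — pin a major, e.g. `image: postgres:10`. `POSTGRES_PASSWORD: alerta` is a literal that must match the hardcoded DATABASE_URL in alertad.conf; both should come from one generated secret.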
@@ -0,0 +1,9 @@ +{% raw %} +{% if customer %}Customer: `{{customer}}` {% endif %} +*[{{ status.capitalize() }}] {{ environment }} {{ severity.capitalize() }}* +{{ event | replace("_","\_") }} {{ resource.capitalize() }} +``` +{{ text }} +``` +https://alerta.warpzone.ms/#/alert/{{ id }} +{% endraw %} \ No newline at end of file diff --git a/webserver/docker_alerta/templates/testalert.sh b/webserver/docker_alerta/templates/testalert.sh new file mode 100644 index 0000000000000000000000000000000000000000..5f13c221b3b0a9f4336f0a2936f6eb2fdabff7a8 --- /dev/null +++ b/webserver/docker_alerta/templates/testalert.sh @@ -0,0 +1,29 @@ +#!/bin/sh + +curl -XPOST https://alerta.warpzone.ms/api/alert \ +-H 'Authorization: Key {{alerta_token}}' \ +-H 'Content-type: application/json' \ +-d '{ + "attributes": { + "region": "EU" + }, + "correlate": [ + "HttpServerError", + "HttpServerOK" + ], + "environment": "warpzone", + "event": "HttpServerError", + "group": "Web", + "origin": "curl", + "resource": "web01", + "service": [ + "example.com" + ], + "severity": "major", + "tags": [ + "dc1" + ], + "text": "Site is down.", + "type": "exceptionAlert", + "value": "Bad Gateway (501)" + }' diff --git a/webserver/docker_gitlab/templates/gitlab.rb b/webserver/docker_gitlab/templates/gitlab.rb index e8981e0795e83bfa488173c97f0326cfddeb9ac0..1a2781bcdf7e0f325b9966d2aea67756a2771a18 100644 --- a/webserver/docker_gitlab/templates/gitlab.rb +++ b/webserver/docker_gitlab/templates/gitlab.rb @@ -96,9 +96,9 @@ ldap_servers_template = <<-'EOS' port: 389 uid: 'uid' method: 'plain' - bind_dn: 'cn=readonly,dc=warpzone,dc=ms' + bind_dn: '{{ ldap_readonly_bind_dn }}' password: '{{ ldap_readonly_pass }}' - base: 'dc=warpzone,dc=ms' + base: '{{ ldap_base_dn }}' user_filter: '(&(objectClass=inetOrgPerson)(memberof=CN=active,OU=groups,DC=warpzone,DC=ms))' attributes: username: ['uid', 'cn'] 
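Review bot: `bind_dn` and `base` now come from `ldap_readonly_bind_dn` and `ldap_base_dn`, but the unchanged `user_filter` two lines below still hardcodes `DC=warpzone,DC=ms`, so changing the base-DN variable alone leaves GitLab filtering on a group under the old tree and silently locking everyone out. If the active group lives under the base DN, `user_filter: '(&(objectClass=inetOrgPerson)(memberof=CN=active,OU=groups,{{ ldap_base_dn }}))'` keeps the three settings consistent; the same literal DN also appears in the hackmd compose file's CMD_LDAP_SEARCHFILTER. The enclosing ldap_servers_template heredoc starts and ends outside this hunk, so check how the file already escapes Jinja inside it.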
diff --git a/webserver/docker_hackmd/tasks/main.yml b/webserver/docker_hackmd/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..f24578eb5b3e8cde1e5cc3d69c9e1072a7b8771f
--- /dev/null
+++ b/webserver/docker_hackmd/tasks/main.yml
@@ -0,0 +1,32 @@
+---
+
+- include: ../functions/get_secret.yml
+ with_items:
+ - { path: /srv/hackmd/mysql_root_pass, length: 24 }
+ - { path: /srv/hackmd/mysql_user_pass, length: 12 }
+ - { path: /srv/hackmd/hackmd_session_secret, length: 32 }
+ - { path: /srv/ldap/secret/ldap_readonly_pass, length: -1 }
+
+
+- name: create folder struct for hackmd
+ file:
+ path: "{{ item }}"
+ state: "directory"
+ with_items:
+ - /srv/hackmd/
+ - /srv/hackmd/db/
+
+
+- name: Konfig-Dateien erstellen
+ template:
+ src: "{{ item }}"
+ dest: "/srv/hackmd/{{ item }}"
+ with_items:
+ - docker-compose.yml
+ - mysql-utf8.cnf
+
+
+- name: start hackmd docker
+ docker_service:
+ project_src: /srv/hackmd/
+ state: present
diff --git a/webserver/docker_hackmd/templates/docker-compose.yml b/webserver/docker_hackmd/templates/docker-compose.yml
new file mode 100644
index 0000000000000000000000000000000000000000..60023d58f3f36494fb93ce944a3f6a8e5322dc30
--- /dev/null
+++ b/webserver/docker_hackmd/templates/docker-compose.yml
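Review bot: The rendered /srv/hackmd/docker-compose.yml holds the MariaDB root and user passwords, the session secret and the LDAP bind credentials, but the "Konfig-Dateien erstellen" task sets no `mode`, so the file gets whatever the umask yields (typically world-readable); add `mode: "0600"` to that template task, and `mode: "0700"` on the /srv/hackmd/db directory would not hurt either. The role also pulls `/srv/ldap/secret/ldap_readonly_pass` through get_secret.yml with `length: -1`; that helper is not visible here, so please confirm that -1 means "read an existing file, never generate", otherwise a missing file on a fresh host would silently mint a bind password the LDAP server has never seen.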
@@ -0,0 +1,43 @@
+
+version: "3"
+
+services:
+
+ app:
+
+ image: hackmdio/hackmd:1.2.0
+ restart: always
+ depends_on:
+ - db
+ ports:
+ - 127.0.0.1:42007:3000
+ environment:
+ HMD_DB_URL: "mysql://hackmd:{{ mysql_user_pass }}@db:3306/hackmd"
+ CMD_SESSION_SECRET: "{{ hackmd_session_secret }}"
+ CMD_ALLOW_ANONYMOUS: "true"
+ CMD_ALLOW_ANONYMOUS_EDITS: "true"
+ CMD_DEFAULT_PERMISSION: "freely"
+ CMD_LDAP_URL: "ldap://{{ ldap_ip_ext }}:389"
+ CMD_LDAP_BINDDN: "{{ ldap_readonly_bind_dn }}"
+ CMD_LDAP_BINDCREDENTIALS: "{{ ldap_readonly_pass }}"
+ CMD_LDAP_SEARCHBASE: "{{ ldap_base_dn }}"
+ CMD_LDAP_SEARCHFILTER: "(&(uid={% raw %}{{username}}{% endraw %})(objectClass=inetOrgPerson)(memberof=CN=active,OU=groups,DC=warpzone,DC=ms))"
+ CMD_LDAP_SEARCHATTRIBUTES: "uid"
+ CMD_LDAP_USERIDFIELD: "uid"
+ CMD_LDAP_USERNAMEFIELD: "uid"
+ CMD_EMAIL: "false"
+
+
+ db:
+
+ image: mariadb:10
+ volumes:
+ - /srv/hackmd/db:/var/lib/mysql
+ - /srv/hackmd/mysql-utf8.cnf:/etc/mysql/conf.d/utf8.cnf
+ environment:
+ MYSQL_ROOT_PASSWORD: "{{ mysql_root_pass }}"
+ MYSQL_PASSWORD: "{{ mysql_user_pass }}"
+ MYSQL_DATABASE: "hackmd"
+ MYSQL_USER: "hackmd"
+
+
\ No newline at end of file
diff --git a/webserver/docker_hackmd/templates/mysql-utf8.cnf b/webserver/docker_hackmd/templates/mysql-utf8.cnf
new file mode 100644
index 0000000000000000000000000000000000000000..367210a9c7b5d70ae9f27b5946bb448eb0b111b9
--- /dev/null
+++ b/webserver/docker_hackmd/templates/mysql-utf8.cnf
@@ -0,0 +1,11 @@
+[client]
+default-character-set=utf8
+
+[mysql]
+default-character-set=utf8
+
+
+[mysqld]
+collation-server = utf8_unicode_ci
+init-connect='SET NAMES utf8'
+character-set-server = utf8
diff --git a/webserver/docker_keycloak/tasks/main.yml b/webserver/docker_keycloak/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..7d3b2ed06fff9118649541202e62f323e75c5457
--- /dev/null
+++ b/webserver/docker_keycloak/tasks/main.yml
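Review bot: `CMD_LDAP_URL: "ldap://{{ ldap_ip_ext }}:389"` sends the read-only bind credentials and every user's login password in cleartext to what the variable name suggests is an externally reachable address; unless ldap_ip_ext is only reachable over a private link, switch to `ldaps://` (HackMD exposes a CA setting, CMD_LDAP_TLS_CA, for this) and note it in a comment. `CMD_ALLOW_ANONYMOUS`, `CMD_ALLOW_ANONYMOUS_EDITS` and `CMD_DEFAULT_PERMISSION: "freely"` make every note creatable and editable without logging in despite the LDAP setup, which may be deliberate for a hackerspace but deserves a comment saying so. The `db` service also lacks the `restart: always` that `app` and the alerta/keycloak databases set, so after a host reboot hackmd comes up without its database.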
@@ -0,0 +1,29 @@
+---
+
+- include: ../functions/get_secret.yml
+ with_items:
+ - { path: /srv/keycloak/keycloak_admin_pass, length: 24 }
+ - { path: /srv/keycloak/postgres_user_pass, length: 12 }
+
+
+- name: create folder struct for keycloak
+ file:
+ path: "{{ item }}"
+ state: "directory"
+ with_items:
+ - /srv/keycloak/
+ - /srv/keycloak/db/
+
+
+- name: Konfig-Dateien erstellen
+ template:
+ src: "{{ item }}"
+ dest: "/srv/keycloak/{{ item }}"
+ with_items:
+ - docker-compose.yml
+ notify: restart keycloak docker
+
+- name: start keycloak docker
+ docker_service:
+ project_src: /srv/keycloak/
+ state: present
diff --git a/webserver/docker_keycloak/templates/docker-compose.yml b/webserver/docker_keycloak/templates/docker-compose.yml
new file mode 100644
index 0000000000000000000000000000000000000000..6eb7c32f461ba1e2c3abc3bdcd74f5dc07b77421
--- /dev/null
+++ b/webserver/docker_keycloak/templates/docker-compose.yml
@@ -0,0 +1,35 @@
+
+
+version: "3"
+
+services:
+
+
+ app:
+
+ image: jboss/keycloak:4.0.0.Final
+ restart: always
+ ports:
+ - 127.0.0.1:42009:8080
+ depends_on:
+ - db
+ environment:
+ KEYCLOAK_USER: "admin"
+ KEYCLOAK_PASSWORD: "{{ keycloak_admin_pass }}"
+ DB_VENDOR: "POSTGRES"
+ DB_ADDR: "db"
+ DB_DATABASE: "keycloak"
+ DB_USER: "keycloak"
+ DB_PASSWORD: "{{ postgres_user_pass }}"
+ PROXY_ADDRESS_FORWARDING: "true"
+
+ db:
+
+ image: postgres
+ restart: always
+ volumes:
+ - /srv/keycloak/db:/var/lib/postgresql/data
+ environment:
+ POSTGRES_DB: keycloak
+ POSTGRES_USER: keycloak
+ POSTGRES_PASSWORD: "{{ postgres_user_pass }}"
diff --git a/webserver/main.yml b/webserver/main.yml
index fdc9588d52976d1927af8ddc1fbc2f793c1e45a3..e13d1638e0465e1f537ab3bb39616b24703b454c 100644
--- a/webserver/main.yml
+++ b/webserver/main.yml
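Review bot: The "Konfig-Dateien erstellen" task notifies `restart keycloak docker`, but unlike docker_alerta this change adds no handlers/main.yml for docker_keycloak; if that handler does not already exist elsewhere in the repository, the first template change makes the play fail with a "handler not found" error instead of restarting Keycloak. Adding the same handler file docker_alerta gets in this diff resolves it. The template task writes a compose file containing the admin and database passwords without a `mode`; `mode: "0600"` there would match what the secrets deserve.

```yaml
---

- name: restart keycloak docker
  docker_service:
    project_src: /srv/keycloak/
    state: present
    restarted: yes
```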
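Review bot: `image: postgres` is unpinned while the app is pinned to `jboss/keycloak:4.0.0.Final`; with the persistent /srv/keycloak/db volume, the next pull of a new PostgreSQL major version will refuse to start on the old data directory and take down the identity provider for every service that authenticates through it. Pin a major version, e.g. `image: postgres:10`, as the alerta compose file should as well. As far as I recall the jboss/keycloak image only creates the `KEYCLOAK_USER` account on first boot, so a later change to `keycloak_admin_pass` has no effect; a comment on that line would save someone a confusing rotation.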
@@ -5,14 +5,18 @@ roles: - { role: ../common/borgbackup, tags: borgbackup } - { role: ../common/docker, tags: docker } + - { role: ../common/telegraf, tags: telegraf } - { role: nginx, tags: nginx } - { role: openvpn, tags: openvpn } + - { role: docker_alerta, tags: alerta } - { role: docker_dokuwiki, tags: dokuwiki } - { role: docker_etherpad, tags: etherpad } - { role: docker_gitlab, tags: gitlab } + - { role: docker_hackmd, tags: hackmd } - { role: docker_jabber, tags: jabber } - { role: docker_jabber_test, tags: jabber_test } - { role: docker_ldap, tags: ldap } + - { role: docker_keycloak, tags: keycloak } - { role: docker_matterbridge, tags: matterbridge } - { role: docker_warpinfra, tags: warpinfra } - { role: docker_warpinfratest, tags: warpinfratest } diff --git a/webserver/nginx/includes/alerta b/webserver/nginx/includes/alerta new file mode 100644 index 0000000000000000000000000000000000000000..faba043e1540bea75ee389ee4ae2d93dbba81f48 --- /dev/null +++ b/webserver/nginx/includes/alerta @@ -0,0 +1,12 @@ + + location / { + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + proxy_pass http://127.0.0.1:42008/; + proxy_redirect off; + + } diff --git a/webserver/nginx/includes/auth b/webserver/nginx/includes/auth new file mode 100644 index 0000000000000000000000000000000000000000..74801f2f86b402969a6940e047cf633327e25a66 --- /dev/null +++ b/webserver/nginx/includes/auth @@ -0,0 +1,12 @@ + + location / { + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + proxy_pass http://127.0.0.1:42009/; + proxy_redirect off; + + } 
diff --git a/webserver/nginx/includes/md b/webserver/nginx/includes/md
new file mode 100644
index 0000000000000000000000000000000000000000..72cb0aa1572473a5a643b741b3716c2239c94320
--- /dev/null
+++ b/webserver/nginx/includes/md
@@ -0,0 +1,12 @@
+
+ location / {
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ proxy_pass http://127.0.0.1:42007/;
+ proxy_redirect off;
+
+ }
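Review bot: This `location /` block proxies HackMD without WebSocket upgrade support; HackMD's collaborative editor uses socket.io, and without `proxy_http_version 1.1;`, `proxy_set_header Upgrade $http_upgrade;` and `proxy_set_header Connection "upgrade";` upgrades fail through nginx and clients degrade to polling or show reconnect errors (assuming the 1.2.0 image still uses WebSockets, which I cannot verify from the diff). The alerta and auth includes are copies of the same block with only the port changed; a shared snippet taking the port as a variable would keep the header set consistent across the three.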