Ajout d'une différence entre les hôtes de surveillance

e9efae2b · nono · dc532d7e · e9efae2b · e9efae2b
Commit e9efae2b authored Dec 13, 2021 by nono 💻
--- a/group_vars/monitoring/monitoring.yml
+++ b/group_vars/monitoring/monitoring.yml
 ---
-# Global
-monitoring_service_url: "stats.test.lqdn.fr"
+# This file is used by the serveur who collects the statistics of other servers.
+# It install node_exporter, exposed locally, prometheus, and grafana with a dashboard.
+
+# Ce fichier est utilisé par le serveur qui collecte les statistiques des autres serveurs.
+# Il install node_exporter, exposé locallement, prometheus et grafana avec son bureau.

 # Cerbot
 certbot_install_method: package
@@ -14,7 +17,6 @@ certbot_auto_renew_options: "--webroot -w /var/www/letsencrypt && systemctl relo
 certbot_auto_renew: true

 # Nginx
-
 nginx_vhosts:
  - listen: "443 ssl http2"
    server_name: "{{ monitoring_service_url }}"
@@ -61,25 +63,10 @@ nginx_vhosts:
      }


-# Firewall
-# firewall_allowed_tcp_ports:
-#   - "22"
-#   - "80"
-#   - "443"
-
 # Node-exporter
-
 node_exporter_version: "latest"
-
 node_exporter_web_listen_address: "0.0.0.0:9100"

-# node_exporter_tls_server_config:
-#   cert_file: "/etc/letsencrypt/live/{{ monitoring_service_url }}/fullchain.pem"
-#   key_file: "/etc/letsencrypt/live/{{ monitoring_service_url }}/privkey.pem"
-#
-# node_exporter_basic_auth_users:
-#   nono: "{{ vautl_test_node_exporter_basic_auth_users_nono }}"
-
 # Prometheus
 prometheus_version: "latest"

@@ -98,15 +85,16 @@ prometheus_scrape_configs:
      - files:
          - "{{ prometheus_config_dir }}/file_sd/node.yml"

+# Add servers to monitor below
+# Ajoutez les serveurs sous surveillance ici
 prometheus_targets:
  node:
   - targets:
       - localhost:9100
-       - stats.sso.lqdn.fr
+       - stats.test.lqdn.fr
     labels:
       env: test

-
 # Grafana
 grafana_instance: "{{ monitoring_service_url }}"
 grafana_address: "0.0.0.0"

--- a/group_vars/monitoring/monitoring-node.yml
+++ b/group_vars/monitoring/monitoring-node.yml
+---
+# This file is used to deploy the node_exporter to servers who are undersurveillance,
+# thus they do not install grafana or prometheus, and expose the node_exporter API
+# to a stats.<server fdn>. For example, stats.test.lqdn.fr
+
+# Ce fichier contient la configuration des serveurs sous surveillance, et n'installe que
+# node_exporter, et pas grafana ou prometheus. De plus, il expose l'API de node_exporter
+# sur stats.<ndd serveur>. Par exemple, stats.test.lqdn.fr
+
+# Cerbot
+certbot_install_method: package
+certbot_admin_email: "{{ sysadmin_email }}"
+certbot_create_if_missing: true
+certbot_create_method: standalone
+certbot_certs:
+    - domains:
+        - "{{ monitoring_service_url }}"
+certbot_auto_renew_options: "--webroot -w /var/www/letsencrypt && systemctl reload nginx"
+certbot_auto_renew: true
+
+# Nginx
+nginx_vhosts:
+  - listen: "443 ssl http2"
+    server_name: "{{ monitoring_service_url }}"
+    access_log: "/var/log/nginx/{{ monitoring_service_url }}.log"
+    error_log: "/var/log/nginx/{{ monitoring_service_url }}_error.log"
+    state: "present"
+    template: "{{ nginx_vhost_template }}"
+    filename: "{{ monitoring_service_url }}.https.conf"
+    extra_parameters: |
+      location / {
+        proxy_buffering off;
+        proxy_set_header Referer $http_referer;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Server $host;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Port $server_port;
+        proxy_set_header Host $http_host;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection 'upgrade';
+
+        proxy_pass http://{{node_exporter_web_listen_address}};
+        proxy_redirect off;
+      }
+      location /.well-known/acme-challenge {
+        alias /var/www/letsencrypt/.well-known/acme-challenge;
+      }
+
+      ssl_certificate /etc/letsencrypt/live/{{ monitoring_service_url }}/fullchain.pem;
+      ssl_certificate_key /etc/letsencrypt/live/{{ monitoring_service_url }}/privkey.pem;
+      ssl_protocols       TLSv1.1 TLSv1.2 TLSv1.3;
+      ssl_ciphers         HIGH:!aNULL:!MD5;
+  - listen: "80"
+    server_name: "{{ monitoring_service_url }}"
+    access_log: "/var/log/nginx/{{ monitoring_service_url }}.log"
+    error_log: "/var/log/nginx/{{ monitoring_service_url }}_error.log"
+    state: "present"
+    template: "{{ nginx_vhost_template }}"
+    filename: "{{ monitoring_service_url }}.http.conf"
+    extra_parameters: |
+      location / {
+        return 302 https://{{ monitoring_service_url }}$request_uri;
+      }
+
+# Node-exporter
+node_exporter_version: "latest"
+node_exporter_web_listen_address: "0.0.0.0:9100"