Commit e9efae2b authored by nono's avatar nono 💻
Browse files

Ajout d'une différence entre les hôtes de surveillance

parent dc532d7e
---
# Global
monitoring_service_url: "stats.test.lqdn.fr"
# This file is used by the serveur who collects the statistics of other servers.
# It install node_exporter, exposed locally, prometheus, and grafana with a dashboard.
# Ce fichier est utilisé par le serveur qui collecte les statistiques des autres serveurs.
# Il install node_exporter, exposé locallement, prometheus et grafana avec son bureau.
# Cerbot
certbot_install_method: package
......@@ -14,7 +17,6 @@ certbot_auto_renew_options: "--webroot -w /var/www/letsencrypt && systemctl relo
certbot_auto_renew: true
# Nginx
nginx_vhosts:
- listen: "443 ssl http2"
server_name: "{{ monitoring_service_url }}"
......@@ -61,25 +63,10 @@ nginx_vhosts:
}
# Firewall
# firewall_allowed_tcp_ports:
# - "22"
# - "80"
# - "443"
# Node-exporter
node_exporter_version: "latest"
node_exporter_web_listen_address: "0.0.0.0:9100"
# node_exporter_tls_server_config:
# cert_file: "/etc/letsencrypt/live/{{ monitoring_service_url }}/fullchain.pem"
# key_file: "/etc/letsencrypt/live/{{ monitoring_service_url }}/privkey.pem"
#
# node_exporter_basic_auth_users:
# nono: "{{ vautl_test_node_exporter_basic_auth_users_nono }}"
# Prometheus
prometheus_version: "latest"
......@@ -98,15 +85,16 @@ prometheus_scrape_configs:
- files:
- "{{ prometheus_config_dir }}/file_sd/node.yml"
# Add servers to monitor below
# Ajoutez les serveurs sous surveillance ici
prometheus_targets:
node:
- targets:
- localhost:9100
- stats.sso.lqdn.fr
- stats.test.lqdn.fr
labels:
env: test
# Grafana
grafana_instance: "{{ monitoring_service_url }}"
grafana_address: "0.0.0.0"
......
---
# This file is used to deploy the node_exporter to servers who are undersurveillance,
# thus they do not install grafana or prometheus, and expose the node_exporter API
# to a stats.<server fdn>. For example, stats.test.lqdn.fr
# Ce fichier contient la configuration des serveurs sous surveillance, et n'installe que
# node_exporter, et pas grafana ou prometheus. De plus, il expose l'API de node_exporter
# sur stats.<ndd serveur>. Par exemple, stats.test.lqdn.fr
# Cerbot
certbot_install_method: package
certbot_admin_email: "{{ sysadmin_email }}"
certbot_create_if_missing: true
certbot_create_method: standalone
certbot_certs:
- domains:
- "{{ monitoring_service_url }}"
certbot_auto_renew_options: "--webroot -w /var/www/letsencrypt && systemctl reload nginx"
certbot_auto_renew: true
# Nginx
nginx_vhosts:
- listen: "443 ssl http2"
server_name: "{{ monitoring_service_url }}"
access_log: "/var/log/nginx/{{ monitoring_service_url }}.log"
error_log: "/var/log/nginx/{{ monitoring_service_url }}_error.log"
state: "present"
template: "{{ nginx_vhost_template }}"
filename: "{{ monitoring_service_url }}.https.conf"
extra_parameters: |
location / {
proxy_buffering off;
proxy_set_header Referer $http_referer;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_pass http://{{node_exporter_web_listen_address}};
proxy_redirect off;
}
location /.well-known/acme-challenge {
alias /var/www/letsencrypt/.well-known/acme-challenge;
}
ssl_certificate /etc/letsencrypt/live/{{ monitoring_service_url }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ monitoring_service_url }}/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
- listen: "80"
server_name: "{{ monitoring_service_url }}"
access_log: "/var/log/nginx/{{ monitoring_service_url }}.log"
error_log: "/var/log/nginx/{{ monitoring_service_url }}_error.log"
state: "present"
template: "{{ nginx_vhost_template }}"
filename: "{{ monitoring_service_url }}.http.conf"
extra_parameters: |
location / {
return 302 https://{{ monitoring_service_url }}$request_uri;
}
# Node-exporter
node_exporter_version: "latest"
node_exporter_web_listen_address: "0.0.0.0:9100"
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment