Add Monitoring host
Some checks failed
continuous-integration/drone/push Build is failing

This commit is contained in:
Tobias Manske 2023-03-30 21:51:23 +02:00
parent 936bbf7ecd
commit f2cd3c991b
Signed by: tobias
GPG Key ID: 9164B527694A0709
9 changed files with 226 additions and 17 deletions

View File

@ -0,0 +1,60 @@
$ANSIBLE_VAULT;1.2;AES256;secrets
31653262313736623962393333616632653938646364643062383266643237343032326637356462
3032363766336231636665633736616637363661303634320a393033393239356234623661353461
38376630623233616632636234643039663235373035633132636666363133633030353938373461
3539383935333036640a626330376666396565663137363366616432343365393931643233363730
35313339373838313534616562313662313932343565323636626337393737323337616635336666
33313463353339306563333537663139616231386331333636343132396663613137636332383638
66363164343833353164356136306135333038613264363663346232393237373266323237353639
34643236613763323364306161353735663030653361336364306366336330326331366463646163
64626436386461393033336136666466313030383531396464646632333939313335383738303838
34613663663665306337656530663234316132303062323966633332393165326133643639633263
32346465323032623837323034646462643038356339613234383332623962626631366262333564
61356132633135666630376461646366333939316435336566363139303032623563646563316536
62326230643866653665363536663137383534346165646563636437346361613865396437623664
35366139666538663937356337356437353135306336333262356363613063363334663837376561
37333134323861326261343333323061343936326439623439656135613734326531306630336432
36356362363230646561303266396135343935316236313162663133393833356163363535336265
37373637353337306135393330363266653538353863353637396263333061316230653032326237
66326331336238333230303566333961636165343265623264396138633237623061623566653036
30613330653235303336643135383833636337346264383731303837303565333861386464616138
31373363316338626237376133333636643136346466616130353934323237316365366563666536
32656362363864363362633734316536623433353164323236303830316334323639303639633633
62353439353465393532636462316163643438376336316439373739666233646630353661393466
34336535396231663762643736323461656239396262376262663434393865373461623737663762
62303365356664633363323461396164626266613935303036373938356130373132643164306462
63356562343932373362386564363337653161363836333062396266363931373938323066393766
64623634373835373138316636346537326661333462623839303366386566383231376339653034
37336561373961636334623462303834323363663339333035396263653030643534386431323065
62373965376666363033653230643134343363396261373239313839656234363032333632396339
32636562663733396361323865623039636334643732666536633734643764316165666162363231
64356236386164653335613765396639363363643935653862326638323031653364646137356366
64366266376162653561333035396433653162316365623234613538363534303762663138396138
32366335393064356234323931373833336563306264633264633366323266376364343566633739
31383437353138643833376431623165616439356434643236343763626235333933613036323934
36613862383232656531646365373930363830646132373664616365666264336264383538306463
63353037353938633366336535306166633238663331386339396563616336313765646565316164
36343866343532373639363662666235653932396535383935666166643535366539623265613365
38616561656539363839323136646533643937383165386131353138363466646237313136326139
61383466343238396439356132613565363436303234373334643461303334353366346366636235
32616661356664626431663539646663343661613039653438323339353765353931623632336233
37346561333239366337643133653238643231613938326136376664616563346335333935353738
35626137353533613866626338303266356139373134343462656239633330623964376537396162
63626339356130326363633731363662393737623031663566386530623666346531653931656138
38646564363239326636393138623465306233316631346531373430383839353465646166633261
65313062353338303261313461356662626131663538303535336333393363373437633336396534
30373866366539646133393530396535363063303534303533303735616437336362333831636461
66313230666463303330336561383234373130313731343732646239333031366235633238363563
35616266346463363034303237623062626261666638323734343330623565333637663266303635
33626662643363373064666461323337613635323239333761386237326237646465653339323433
65623837663965666666643230346265323362613635653930313236666338383935316337356533
64613462323565353732666234636365613366366630373533633130303064663830333437623631
65666439623364616561373936643536626165613339396363323630383665616130333630316266
38643737396263653966623534396434363266643037626134303433393437623434343861343363
36623464643937646166333438623763396365643332666466306262313633313036333736353935
36353931383732376362613433636338633565653530666464613965333732363165623437303461
32383462333731393932313462646561373966363533613236616435643363336661306636613761
39666463373933373963636535663737633035396332373261333133383964626435303436386265
39326336313534623834626265313861393831656133323438396630353063653036623136633132
66383833393038323763336666336363313331326636656536636633666536666635333735366533
636662373161333330346662336161643233

View File

@ -101,7 +101,7 @@
vars: vars:
state: present state: present
roles: roles:
- { role: compose_project, service: traefik } - { role: compose_project, service: traefik, with_fa: true }
- { role: compose_project, service: keycloak } - { role: compose_project, service: keycloak }
- { role: compose_project, service: minio } - { role: compose_project, service: minio }
- { role: compose_project, service: repo_proxy } - { role: compose_project, service: repo_proxy }
@ -133,4 +133,35 @@
- { role: compose_project, service: wireguard } - { role: compose_project, service: wireguard }
- { role: compose_project, service: watchtower } - { role: compose_project, service: watchtower }
- { role: compose_project, service: gitea-runner } - { role: compose_project, service: gitea-runner }
- name: Base Setup Monitoring
hosts: mon1.hel1.chaoswg.org
vars:
state: present
roles:
- { role: compose_project, service: traefik }
- { role: compose_project, service: pantalaimon }
- { role: compose_project, service: watchtower }
- name: Setup Monitoring Kuma 1
hosts: mon1.hel1.chaoswg.org
vars:
state: present
roles:
- role: compose_project
service: kuma
vars:
service_name: "tobias"
url: "status.tobiasmanske.de"
- name: Setup Monitoring Kuma 2
hosts: mon1.hel1.chaoswg.org
vars:
state: present
roles:
- role: compose_project
service: kuma
vars:
service_name: "istannen"
url: "monitor.ialistannen.de"
... ...

View File

@ -2,11 +2,11 @@
- name: Set service_dir - name: Set service_dir
ansible.builtin.set_fact: ansible.builtin.set_fact:
service_dir: "{{ compose_dir | mandatory }}/{{ service | mandatory }}" service_dir: "{{ compose_dir | mandatory }}/{{ service | mandatory }}{% if service_name is defined %}-{{ service_name }}{% endif %}"
cacheable: true cacheable: true
- ansible.builtin.debug: - ansible.builtin.debug:
msg: "Working on {{ service }}" msg: "Working on {{ service }}{% if service_name is defined %}-{{ service_name }}{% endif %}"
verbosity: 0 verbosity: 0
- include_tasks: create.yml - include_tasks: create.yml

View File

@ -0,0 +1 @@
COMPOSE_PROJECT_NAME=kuma-{{ service_name|default("kuma") }}

View File

@ -0,0 +1,28 @@
{% set _name = service_name|default("kuma") %}
{% set _url = url|default(kuma.url)|mandatory %}
---
services:
kuma:
image: louislam/uptime-kuma:latest
restart: unless-stopped
volumes:
- data:/app/data
labels:
- "traefik.enable=true"
- "traefik.http.routers.kuma-{{ _name }}.rule=Host(`{{ _url | mandatory }}`)"
- "traefik.http.routers.kuma-{{ _name }}.entryPoints=websecure"
- "traefik.http.services.kuma-{{ _name }}.loadbalancer.server.port=3001"
networks:
- default
- gateway
- pantalaimon
volumes:
data:
networks:
gateway:
external: true
pantalaimon:
external: true
...

View File

@ -1,3 +1,4 @@
{% set deploy_traefik_fa = with_fa|default(false) %}
--- ---
version: '3.9' version: '3.9'
services: services:
@ -17,9 +18,8 @@ services:
networks: networks:
- gateway - gateway
- default - default
environment:
CLOUDFLARE_DNS_API_TOKEN: "{{ traefik.CLOUDFLARE_DNS_API_TOKEN }}"
{% if deploy_traefik_fa %}
traefik-fa: traefik-fa:
image: thomseddon/traefik-forward-auth:latest image: thomseddon/traefik-forward-auth:latest
restart: always restart: always
@ -38,16 +38,7 @@ services:
- "traefik.http.services.traefik-fa.loadbalancer.server.port=4181" - "traefik.http.services.traefik-fa.loadbalancer.server.port=4181"
- "traefik.http.routers.traefik-fa.middlewares=sso@file" - "traefik.http.routers.traefik-fa.middlewares=sso@file"
# whoami: {% endif %}
# image: containous/whoami
# networks:
# - gateway
# labels:
# - "traefik.enable=true"
# - "traefik.http.services.whoami.loadbalancer.server.port=80"
# - "traefik.http.routers.whoami.rule=Host(`test.tobiasmanske.de`)"
# - "traefik.http.routers.whoami.entryPoints=websecure"
# - "traefik.http.routers.whoami.middlewares=sso@file"
volumes: volumes:
acme: acme:

View File

@ -1,3 +1,4 @@
{% if with_fa|default(false) %}
default-provider = oidc default-provider = oidc
# Cookie signing nonce, replace this with something random # Cookie signing nonce, replace this with something random
@ -18,3 +19,4 @@ auth-host = traefik-fa.tobiasmanske.de
whitelist = {{ user }} whitelist = {{ user }}
{% endfor %} {% endfor %}
{% endif %}

View File

@ -27,5 +27,4 @@ certificatesResolvers:
email: webmaster@tobiasmanske.de email: webmaster@tobiasmanske.de
storage: /acme/acme.json storage: /acme/acme.json
# caServer: "https://acme-staging-v02.api.letsencrypt.org/directory" # caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
dnsChallenge: tlsChallenge: true
provider: cloudflare

View File

@ -0,0 +1,97 @@
---
variant: fcos
version: 1.4.0
systemd:
units:
# Installing vim as a layered package with rpm-ostree
- name: rpm-ostree-install-pkg.service
enabled: true
contents: |
[Unit]
Description=Layer packages with rpm-ostree
Wants=network-online.target
After=network-online.target
# We run before `zincati.service` to avoid conflicting rpm-ostree
# transactions.
Before=zincati.service
# Otherwise vagrant will try to run the playbook before we got python
Before=sshd.service
ConditionPathExists=!/var/lib/%N.stamp
[Service]
Type=oneshot
RemainAfterExit=yes
# `--allow-inactive` ensures that rpm-ostree does not return an error
# if the package is already installed. This is useful if the package is
# added to the root image in a future Fedora CoreOS release as it will
# prevent the service from failing.
ExecStart=/usr/bin/rpm-ostree install --apply-live --allow-inactive vim python docker-compose borgbackup btop iftop iotop
ExecStart=/bin/touch /var/lib/%N.stamp
[Install]
WantedBy=multi-user.target
# Make sure docker is actually starting without a call to the socket.
- name: docker.service
enabled: true
- name: borgbackup.service
contents: |
[Unit]
Description=Run Backup of /var/lib/docker
[Service]
ExecStart=/usr/bin/bash /root/backup.sh
[Install]
WantedBy=multi-user.target
- name: borgbackup.timer
enabled: true
contents: |
[Unit]
Description=Daily backup
[Timer]
OnCalendar=daily
Persistent=true
[Install]
WantedBy=timers.target
storage:
filesystems:
- device: /dev/disk/by-partlabel/root
wipe_filesystem: true
format: ext4
label: root
files:
# Set vim as default editor
# We use `zz-` as prefix to make sure this is processed last in order to
# override any previously set defaults.
- path: /etc/profile.d/zz-default-editor.sh
overwrite: true
contents:
inline: |
export EDITOR=vim
- path: /etc/hostname
mode: 0644
contents:
inline: mon1.hel1.chaoswg.org
- path: /etc/zincati/config.d/55-updates-strategy.toml
contents:
inline: |
[updates]
strategy = "periodic"
[[updates.periodic.window]]
days = [ "Fri", "Sat" ]
start_time = "23:30"
length_minutes = 60
links:
- path: /etc/localtime
target: /usr/share/zoneinfo/Europe/Berlin
passwd:
users:
- name: core
groups:
- docker
ssh_authorized_keys:
- cert-authority,principals="rad4day,rad4day@chaoswg.org" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKUN/Ik3CqhsVLGEkl2rJLUhC0AXFmVp6BgETaqgVKq5 user-ca@chaoswg.org
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhzs4vCOhy3yH2TF2bO5Qalt2P4WG4nDYTLarPKFrdM ansible@provisioner
...