Update infra semaphore
@@ -1,4 +1,4 @@
- hosts: test
- hosts: monitoring
# vars:
become: true
gather_facts: true
@@ -7,7 +7,45 @@
- name: Set hostname
ansible.builtin.hostname:
name: "{{ ansible_hostname }}"
name: "{{ inventory_hostname }}"
- name: Check for Netbird Installation
ansible.builtin.shell:
cmd: netbird version
ignore_errors: true
register: netbird_installed
- name: Install Netbird first to have private network
block:
- name: Add key Netbird
become: true
ansible.builtin.shell: curl -sSL https://pkgs.netbird.io/debian/public.key | sudo gpg --dearmor --output /usr/share/keyrings/netbird-archive-keyring.gpg
- name: mode file for netbird key
ansible.builtin.file:
path: /usr/share/keyrings/netbird-archive-keyring.gpg
state: file
mode: 0644
- name: somerepo | apt source
ansible.builtin.apt_repository:
repo: "deb [signed-by=/usr/share/keyrings/netbird-archive-keyring.gpg] https://pkgs.netbird.io/debian stable main"
state: present
- name: Install netbird
ansible.builtin.apt:
name: "netbird"
state: present
update_cache: true
- name: Start Netbird
become: true
ansible.builtin.shell: netbird up --setup-key="{{ netbird_setup_key }}"
when: netbird_installed.rc != 0
# curl -sSL https://pkgs.netbird.io/debian/public.key | sudo gpg --dearmor --output /usr/share/keyrings/netbird-archive-keyring.gpg
# chmod 0644 /usr/share/keyrings/netbird-archive-keyring.gpg
# # echo 'deb [signed-by=/usr/share/keyrings/netbird-archive-keyring.gpg] https://pkgs.netbird.io/debian stable main' | sudo tee /etc/apt/sources.list.d/netbird.list
- name: Create node_exporter cert dir
file:
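Review bot: In the `Add key Netbird` task the `curl -sSL … | sudo gpg --dearmor` pipeline has no failure detection and no verification of what it downloads: the pipeline's exit status is gpg's, not curl's, so a failed or truncated download can go unnoticed and leave an empty or partial keyring that the following `apt_repository` step then trusts, and the `sudo` inside the command is redundant with the task's `become: true`. Consider fetching the key with `ansible.builtin.get_url` (pinned with `checksum`) and dearmoring it in a separate, idempotent `ansible.builtin.command`, as sketched below; if the shell form is kept, at least add `args: {executable: /bin/bash}` with `set -o pipefail` in front of the pipeline. The `Start Netbird` task expands `{{ netbird_setup_key }}` on the command line without `no_log: true`, so the key is printed in task output and in any saved job log; `ansible.builtin.command` also suffices there since nothing needs a shell. On the `Check for Netbird Installation` task, `failed_when: false` expresses the intent better than `ignore_errors: true`, which still reports the task as failed in the play recap.
```yaml
        - name: Download Netbird repository key
          ansible.builtin.get_url:
            url: https://pkgs.netbird.io/debian/public.key
            dest: /usr/share/keyrings/netbird-public.key
            # placeholder: pin to the digest the vendor publishes for this key
            checksum: "sha256:<EXPECTED_KEY_SHA256>"
            mode: "0644"

        - name: Dearmor Netbird repository key
          ansible.builtin.command:
            cmd: gpg --dearmor --output /usr/share/keyrings/netbird-archive-keyring.gpg /usr/share/keyrings/netbird-public.key
            creates: /usr/share/keyrings/netbird-archive-keyring.gpg

        # … unchanged: mode file for netbird key, apt source, Install netbird …

        - name: Start Netbird
          become: true
          ansible.builtin.command: netbird up --setup-key="{{ netbird_setup_key }}"
          no_log: true
```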
@@ -29,7 +67,7 @@
community.crypto.openssl_csr:
path: /etc/node_exporter/tls.csr
privatekey_path: /etc/node_exporter/tls.key
common_name: "{{ ansible_hostname }}.netbird.cloud"
common_name: "{{ inventory_hostname }}.netbird.cloud"
- name: Generate a Self Signed OpenSSL certificate
community.crypto.x509_certificate:
@@ -43,22 +81,22 @@
# chmod go+r /usr/share/keyrings/netbird-archive-keyring.gpg for error:
#||-----> GPG error: https://pkgs.netbird.io/debian stable InRelease: The following signatures couldn't be verified because the public key is not available
roles:
- robertdebock.update
- devsec.hardening.os_hardening
- devsec.hardening.ssh_hardening
- maxlareo.rkhunter
- maxlareo.chkrootkit
- robertdebock.auditd
- geerlingguy.firewall
- grog.management-user
- GROG.user
- GROG.authorized-key
- GROG.sudo
- ansible_unattended_upgrades
- dominion_solutions.netbird.netbird
- buluma.lynis
# roles:
# - robertdebock.update
# - devsec.hardening.os_hardening
# - devsec.hardening.ssh_hardening
# - maxlareo.rkhunter
# - maxlareo.chkrootkit
# - robertdebock.auditd
# - geerlingguy.firewall
# - grog.management-user
# - GROG.user
# - GROG.authorized-key
# - GROG.sudo
# - ansible_unattended_upgrades
# - buluma.lynis
tasks:
- name: Retrieve private IP address netbird
ansible.builtin.gather_facts:
@@ -67,6 +105,7 @@
host_interfaces: "{{ host_interfaces + [item]}}"
vars:
host_interfaces: []
when: ansible_facts[item].ipv4.address is defined
loop: "{{ ansible_facts.interfaces }}"
- name: Set host_private_address
@@ -83,25 +122,12 @@
# when: group_names is search("monitoring")
- ansible.builtin.import_role:
name: prometheus.prometheus.node_exporter
name: prometheus.prometheus.node_exporter
- ansible.builtin.import_role:
name: prometheus.prometheus.prometheus
name: prometheus.prometheus.prometheus
when: group_names is search("monitoring")
# - name: "Include labocbz.install_grafana"
# tags:
# - test
# vars:
# install_grafana__protocol: "https"
# install_grafana__http_addr: "{{ host_private_address }}"
# install_grafana__domain: "{{ ansible_hostname }}.netbird.cloud"
# inv_install_grafana__cert_file: /etc/node_exporter/tls.cert
# inv_install_grafana__cert_key: /etc/node_exporter/tls.key
# ansible.builtin.include_role:
# name: ansible-role-labocbz-install-grafana
# - prometheus.prometheus.node_exporter
# https://galaxy.ansible.com/ui/repo/published/prometheus/prometheus/content/role/node_exporter/
- ansible.builtin.import_role:
name: ansible-role-labocbz-install-grafana
when: group_names is search("monitoring")
@@ -57,6 +57,14 @@ prometheus_scrape_configs:
static_configs:
- targets:
- "{{ ansible_hostname }}.netbird.cloud:9100"
- job_name: "node2"
scheme: https # Custom scrape job, here using `static_config`
metrics_path: "/metrics"
tls_config:
ca_file: "/etc/node_exporter/tls_scaleway.cert"
static_configs:
- targets:
- "scaleway.netbird.cloud:9100"
# - "{{ host_private_address }}:9100"
- job_name: "git"
scheme: https # Custom scrape job, here using `static_config`
@@ -1,5 +1,25 @@
---
#* NETBIRD
netbird_setup_key: F234BD1F-385B-4BEA-8234-608CCB1062ED
netbird_register: true
#* TLS
node_exporter_tls_server_config:
cert_file: /etc/node_exporter/tls.cert
key_file: /etc/node_exporter/tls.key
#* NODE_EXPORTER
# node_exporter_basic_auth_users:
# randomuser: examplepassword
node_exporter_web_listen_address: "{{ host_private_address }}:9100"
########
# USER #
########
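Review bot: `netbird_setup_key` is committed here as a plaintext value, and the playbook's `Start Netbird` task uses it to enrol any host into the private network, so everyone with read access to this repository (including its history) can join machines to it. Move the value out of the tracked file — either an Ansible Vault string (`netbird_setup_key: !vault |` followed by the `ansible-vault encrypt_string` output) or an injection from the job environment, e.g. `netbird_setup_key: "{{ lookup('env', 'NETBIRD_SETUP_KEY') }}"` — and, since the current key is already in history, revoke it in the Netbird admin console and issue a new one. Keep the same approach in mind for `node_exporter_basic_auth_users` if that commented block is ever enabled; a password there would have the same problem. Minor: yamllint's `comments` rule will flag the `#* NETBIRD`-style headers for the missing space after `#`.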
6
hosts
6
hosts
@@ -11,14 +11,14 @@ ovh01 ansible_host=5.135.181.11 ansible_user=stephane
scaleway_fr ansible_host=163.172.84.28 ansible_user=stephane
[controller]
scaleway_fr ansible_host=163.172.84.28 ansible_user=stephane
scaleway ansible_host=163.172.84.28 ansible_user=stephane
[monitoring]
ovh01 ansible_host=5.135.181.11 ansible_user=stephane
ubuntu ansible_host=192.168.0.21 ansible_user=vagrant ansible_password=vagrant
; ubuntu ansible_host=192.168.0.22 ansible_user=vagrant ansible_password=vagrant
[test]
ubuntu ansible_host=192.168.0.21 ansible_user=vagrant ansible_password=vagrant
ubuntu ansible_host=192.168.0.22 ansible_user=vagrant ansible_password=vagrant
; # TO KNOW WHOIS CHISEL SERVER
; [server]
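Review bot: Under `[test]` the inventory hostname `ubuntu` appears on two lines with different addresses (192.168.0.21 and 192.168.0.22); if both lines are on the new side, Ansible keys hosts by name, so the second silently replaces the first and only one VM is ever targeted — and the `ubuntu` entry under `[monitoring]`, which the playbook's `hosts: monitoring` now runs against, is that same merged host. Give each VM a distinct name, e.g. `ubuntu01 ansible_host=192.168.0.21 …` and `ubuntu02 ansible_host=192.168.0.22 …`, and list the intended one under `[monitoring]`. The `ansible_password=vagrant` values store a credential in clear text in a tracked file; for Vagrant boxes the generated private key (`ansible_ssh_private_key_file`) avoids that and survives a password change.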
@@ -1,6 +1,5 @@
collections:
- name: devsec.hardening
- name: dominion_solutions.netbird
- name: prometheus.prometheus
- name: community.crypto
- name: ansible.utils