diff --git a/README.md b/README.md index 71ab1f5..ed715b1 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@ locally to ensure they work properly. Launch playbook on the fly on a host not declared in the inventory. ``` -ansible-playbook.sh -i , [--tags tag1,tag2] playbooks/test.yml +ansible-playbook -i , [-t tag1,tag2] playbooks/test.yml ``` *Note the comma at the end of the hostname or IP.* diff --git a/inventories/core b/inventories/core index 27037d1..070b7f6 100644 --- a/inventories/core +++ b/inventories/core @@ -1,18 +1,17 @@ +[all:vars] +host_domain=core.dc.verdnatura.es + +[backup:vars] +host_domain=backup.dc.verdnatura.es + [ceph] -ceph1 ansible_host=ceph1.core.dc.verdnatura.es -ceph2 ansible_host=ceph2.core.dc.verdnatura.es -ceph3 ansible_host=ceph3.core.dc.verdnatura.es +ceph[1:3] [ceph_gw] -ceph-gw1 ansible_host=ceph-gw1.core.dc.verdnatura.es -ceph-gw2 ansible_host=ceph-gw2.core.dc.verdnatura.es +ceph-gw[1:2] [pve] -pve01 ansible_host=pve01.core.dc.verdnatura.es -pve02 ansible_host=pve02.core.dc.verdnatura.es -pve03 ansible_host=pve03.core.dc.verdnatura.es -pve04 ansible_host=pve04.core.dc.verdnatura.es -pve05 ansible_host=pve04.core.dc.verdnatura.es +pve[01:05] [infra:children] ceph @@ -20,13 +19,13 @@ ceph_gw pve [core] -core-agent ansible_host=core-agent.core.dc.verdnatura.es -core-proxy ansible_host=core-proxy.core.dc.verdnatura.es +core-agent +core-proxy [backup] -bacula-dir ansible_host=bacula-dir.backup.dc.verdnatura.es -bacula-db ansible_host=bacula-db.backup.dc.verdnatura.es -bacularis ansible_host=bacularis.backup.dc.verdnatura.es -backup-nas ansible_host=backup-nas.backup.dc.verdnatura.es -tftp ansible_host=tftp.backup.dc.verdnatura.es -kube-backup ansible_host=kube-backup.backup.dc.verdnatura.es +bacula-dir +bacula-db +bacularis +backup-nas +tftp +kube-backup diff --git a/inventories/group_vars/all.yml b/inventories/group_vars/all.yml index 5dd7be7..22824da 100644 --- a/inventories/group_vars/all.yml 
+++ b/inventories/group_vars/all.yml
@@ -1,3 +1,4 @@
+ansible_host: "{{inventory_hostname_short}}.{{host_domain}}"
 sysadmin_mail: sysadmin@verdnatura.es
 sysadmin_group: sysadmin
 smtp_server: smtp.verdnatura.es
diff --git a/inventories/lab b/inventories/lab
new file mode 100644
index 0000000..809234a
--- /dev/null
+++ b/inventories/lab
@@ -0,0 +1,37 @@
+[all:vars]
+host_domain=lab.verdnatura.es
+
+[cephlab]
+cephlab[01:03]
+
+[pvelab]
+pvelab[01:03]
+
+[infra:children]
+cephlab
+pvelab
+
+[cephtest]
+cephtest[01:03]
+
+[kubepre]
+kubepre-helm
+kubepre-proxy1
+kubepre-master[1:3]
+kubepre-worker[1:4]
+
+[kubetest]
+kubetest-helm
+kubetest-master[01:03]
+kubetest-worker[01:04]
+
+[laboratory]
+corelab-proxy1
+zammad
+matrix
+
+[guest:children]
+cephtest
+kubepre
+kubetest
+laboratory
diff --git a/inventories/laboratory b/inventories/laboratory
deleted file mode 100644
index 15d14ef..0000000
--- a/inventories/laboratory
+++ /dev/null
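Review bot: The new `ansible_host` in group_vars/all.yml is templated for every host, including one passed ad hoc with `-i host,` as the README hunk in this same commit documents, and for such a host `host_domain` is undefined, so I would expect the play to fail on an undefined variable before it connects; an IP or FQDN given that way is also mangled, since `inventory_hostname_short` of `10.0.0.5` is `10`. Consider guarding the derivation so hosts without a domain fall back to their inventory name, e.g. `ansible_host: "{{ inventory_hostname_short ~ '.' ~ host_domain if host_domain is defined else inventory_hostname }}"`. Every inventory on this page sets `host_domain` under `[all:vars]`, so hosts that come from an inventory file are unaffected; only the ad hoc path needs the fallback.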
@@ -1,50 +0,0 @@
-[cephlab]
-cephlab01 ansible_host=cephlab01.lab.verdnatura.es
-cephlab02 ansible_host=cephlab02.lab.verdnatura.es
-cephlab03 ansible_host=cephlab03.lab.verdnatura.es
-
-[pvelab]
-pvelab01 ansible_host=pvelab01.lab.verdnatura.es
-pvelab02 ansible_host=pvelab02.lab.verdnatura.es
-pvelab03 ansible_host=pvelab03.lab.verdnatura.es
-
-[infra:children]
-cephlab
-pvelab
-
-[cephtest]
-cephtest01 ansible_host=cephtest01.lab.verdnatura.es
-cephtest02 ansible_host=cephtest02.lab.verdnatura.es
-cephtest03 ansible_host=cephtest03.lab.verdnatura.es
-
-[kubepre]
-kubepre-helm ansible_host=kubepre-helm.lab.verdnatura.es
-kubepre-proxy1 ansible_host=kubepre-proxy1.lab.verdnatura.es
-kubepre-master1 ansible_host=kubepre-master1.lab.verdnatura.es
-kubepre-master2 ansible_host=kubepre-master2.lab.verdnatura.es
-kubepre-master3 ansible_host=kubepre-master3.lab.verdnatura.es
-kubepre-worker1 ansible_host=kubepre-worker1.lab.verdnatura.es
-kubepre-worker2 ansible_host=kubepre-worker2.lab.verdnatura.es
-kubepre-worker3 ansible_host=kubepre-worker3.lab.verdnatura.es
-kubepre-worker4 ansible_host=kubepre-worker4.lab.verdnatura.es
-
-[kubetest]
-kubetest-helm ansible_host=kubetest-helm.lab.verdnatura.es
-kubetest-master01 ansible_host=kubetest-master01.lab.verdnatura.es
-kubetest-master02 ansible_host=kubetest-master02.lab.verdnatura.es
-kubetest-master03 ansible_host=kubetest-master03.lab.verdnatura.es
-kubetest-worker01 ansible_host=kubetest-worker01.lab.verdnatura.es
-kubetest-worker02 ansible_host=kubetest-worker02.lab.verdnatura.es
-kubetest-worker03 ansible_host=kubetest-worker03.lab.verdnatura.es
-kubetest-worker04 ansible_host=kubetest-worker04.lab.verdnatura.es
-
-[laboratory]
-corelab-proxy1 ansible_host=corelab-proxy1.lab.verdnatura.es
-zammad ansible_host=zammad.lab.verdnatura.es
-matrix ansible_host=matrix.lab.verdnatura.es
-
-[guest:children]
-cephtest
-kubepre
-kubetest
-laboratory
diff --git a/inventories/production b/inventories/production
deleted file mode 100644
index 1e38715..0000000
--- a/inventories/production
+++ /dev/null
@@ -1,99 +0,0 @@
-[kube_master]
-kube-master1 ansible_host=kube-master1.servers.dc.verdnatura.es
-kube-master2 ansible_host=kube-master2.servers.dc.verdnatura.es
-kube-master3 ansible_host=kube-master3.servers.dc.verdnatura.es
-kube-master4 ansible_host=kube-master4.servers.dc.verdnatura.es
-kube-master5 ansible_host=kube-master5.servers.dc.verdnatura.es
-
-[kube_worker]
-kube-worker1 ansible_host=kube-worker1.servers.dc.verdnatura.es
-kube-worker2 ansible_host=kube-worker2.servers.dc.verdnatura.es
-kube-worker3 ansible_host=kube-worker3.servers.dc.verdnatura.es
-kube-worker4 ansible_host=kube-worker4.servers.dc.verdnatura.es
-kube-worker5 ansible_host=kube-worker5.servers.dc.verdnatura.es
-
-[kube_proxy]
-kube-proxy1 ansible_host=kube-proxy1.servers.dc.verdnatura.es
-kube-proxy2 ansible_host=kube-proxy2.servers.dc.verdnatura.es
-
-[kube_helper]
-kube-helm ansible_host=kube-helm.servers.dc.verdnatura.es
-
-[kubernetes:children]
-kube_master
-kube_worker
-kube_proxy
-kube_helper
-
-[ad]
-dc1 ansible_host=dc1.servers.dc.verdnatura.es
-dc2 ansible_host=dc2.servers.dc.verdnatura.es
-server ansible_host=server.servers.dc.verdnatura.es
-
-[db]
-db-proxy1 ansible_host=db-proxy1.servers.dc.verdnatura.es
-db-proxy2 ansible_host=db-proxy2.servers.dc.verdnatura.es
-db1 ansible_host=db1.servers.dc.verdnatura.es
-db2 ansible_host=db2.servers.dc.verdnatura.es
-
-[ldap]
-ldap-proxy1 ansible_host=ldap-proxy1.servers.dc.verdnatura.es
-ldap-proxy2 ansible_host=ldap-proxy2.servers.dc.verdnatura.es
-ldap1 ansible_host=ldap1.servers.dc.verdnatura.es
-ldap2 ansible_host=ldap2.servers.dc.verdnatura.es
-ldap3 ansible_host=ldap3.servers.dc.verdnatura.es
-
-[mail]
-dovecot ansible_host=dovecot.servers.dc.verdnatura.es
-mailgw1 ansible_host=mailgw1.servers.dc.verdnatura.es
-mailgw2 ansible_host=mailgw2.servers.dc.verdnatura.es
-postfix ansible_host=postfix.servers.dc.verdnatura.es
-spamd ansible_host=spamd.servers.dc.verdnatura.es
-spamd-db ansible_host=spamd-db.servers.dc.verdnatura.es
-
-[monitoring]
-cacti ansible_host=cacti.servers.dc.verdnatura.es
-logger ansible_host=logger.servers.dc.verdnatura.es
-nagios ansible_host=nagios.servers.dc.verdnatura.es
-nagiosql-db ansible_host=nagiosql-db.servers.dc.verdnatura.es
-librenms ansible_host=librenms.servers.dc.verdnatura.es
-
-[network]
-dhcp1 ansible_host=dhcp1.servers.dc.verdnatura.es
-dhcp2 ansible_host=dhcp2.servers.dc.verdnatura.es
-ns1 ansible_host=ns1.servers.dc.verdnatura.es
-ns2 ansible_host=ns2.servers.dc.verdnatura.es
-unifi ansible_host=unifi.servers.dc.verdnatura.es
-vpn ansible_host=vpn.servers.dc.verdnatura.es
-time1 ansible_host=time1.servers.dc.verdnatura.es
-time2 ansible_host=time2.servers.dc.verdnatura.es
-
-[princ]
-pbx ansible_host=pbx.servers.dc.verdnatura.es
-homes ansible_host=homes.servers.dc.verdnatura.es
-doku ansible_host=doku.servers.dc.verdnatura.es
-iventoy ansible_host=iventoy.servers.dc.verdnatura.es
-
-[rds]
-ts-proxy1 ansible_host=ts-proxy1.servers.dc.verdnatura.es
-ts-proxy2 ansible_host=ts-proxy2.servers.dc.verdnatura.es
-profiles ansible_host=profiles.servers.dc.verdnatura.es
-
-[test]
-test-db1 ansible_host=test-db1.servers.dc.verdnatura.es
-test-db-proxy1 ansible_host=test-db-proxy1.servers.dc.verdnatura.es
-test-db-proxy2 ansible_host=test-db-proxy2.servers.dc.verdnatura.es
-monthly-db ansible_host=monthly-db.servers.dc.verdnatura.es
-dev-db ansible_host=dev-db.servers.dc.verdnatura.es
-
-[guest:children]
-ad
-db
-kubernetes
-ldap
-mail
-monitoring
-network
-princ
-rds
-test
diff --git a/inventories/servers b/inventories/servers
new file mode 100644
index 0000000..c8fe2ad
--- /dev/null
+++ b/inventories/servers
@@ -0,0 +1,81 @@
+[all:vars]
+host_domain=servers.dc.verdnatura.es
+
+[kube_master]
+kube-master[1:5]
+
+[kube_worker]
+kube-worker[1:5]
+
+[kube_proxy]
+kube-proxy[1:2]
+
+[kube_helper]
+kube-helm
+
+[kubernetes:children]
+kube_master
+kube_worker
+kube_proxy
+kube_helper
+
+[ad]
+dc[1:2]
+server
+
+[db]
+db-proxy[1:2]
+db[1:2]
+
+[ldap]
+ldap-proxy[1:2]
+ldap[1:3]
+
+[mail]
+dovecot
+mailgw[1:2]
+postfix
+spamd
+spamd-db
+
+[monitoring]
+cacti
+logger
+nagios
+nagiosql-db
+librenms
+
+[network]
+dhcp[1:2]
+ns[1:2]
+unifi
+vpn
+time[1:2]
+
+[princ]
+pbx
+homes
+doku
+iventoy
+
+[rds]
+ts-proxy[1:2]
+profiles
+
+[test]
+test-db1
+test-db-proxy[1:2]
+monthly-db
+dev-db
+
+[guest:children]
+ad
+db
+kubernetes
+ldap
+mail
+monitoring
+network
+princ
+rds
+test
diff --git a/playbooks/ceph.yml b/playbooks/ceph.yml
new file mode 100644
index 0000000..f8189a7
--- /dev/null
+++ b/playbooks/ceph.yml
@@ -0,0 +1,5 @@
+- name: Configure Ceph
+ hosts: all
+ tasks:
+ - import_role:
+ name: ceph
diff --git a/playbooks/kube.yml b/playbooks/kube.yml
new file mode 100644
index 0000000..0b7d9bf
--- /dev/null
+++ b/playbooks/kube.yml
@@ -0,0 +1,5 @@
+- name: Configure Kubernetes
+ hosts: all
+ tasks:
+ - import_role:
+ name: kube
diff --git a/playbooks/pve.yml b/playbooks/pve.yml
new file mode 100644
index 0000000..ab7c817
--- /dev/null
+++ b/playbooks/pve.yml
@@ -0,0 +1,5 @@
+- name: Configure PVE
+ hosts: all
+ tasks:
+ - import_role:
+ name: pve
diff --git a/roles/ceph/files/nrpe.cfg b/roles/ceph/files/nrpe.cfg
new file mode 100644
index 0000000..76d252f
--- /dev/null
+++ b/roles/ceph/files/nrpe.cfg
@@ -0,0 +1,5 @@
+command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 700 -c 1000
+command[check_chrony]=/usr/lib/nagios/plugins/check_chrony 1 2
+command[check_smartdisk]=/etc/nagios/plugins/check_smartdisk.sh /dev/sda /dev/sdb
+command[check_raid]=/usr/lib/nagios/plugins/check_raid
+command[check_mon]=/etc/nagios/plugins/check_ceph_mon --id nagios --monid "`hostname`"
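Review bot: `hosts: all` in playbooks/ceph.yml, and likewise in kube.yml and pve.yml added in this commit, applies each role to every host of whatever inventory is passed, although the roles are host-type specific: pve.yml for instance installs a sudoers grant and ZFS checks that only belong on Proxmox nodes, so a run against the wrong inventory silently misconfigures unrelated machines. Limiting each play to the groups its role is for turns that mistake into a no-op, e.g. `hosts: ceph:cephlab:cephtest` here, with `hosts: pve:pvelab` and `hosts: kubernetes:kubepre:kubetest` for the other two, using the group names visible in the inventories on this page (whether `ceph_gw` belongs in the first pattern depends on what the ceph role expects and is not visible here). If the plays are meant to stay open so `--limit` decides, a one-line comment above each play saying so would document that expectation.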
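Review bot: `check_chrony` is invoked here as `/usr/lib/nagios/plugins/check_chrony 1 2` but in roles/pve/files/nrpe.cfg as `/etc/nagios/plugins/check_chrony -w 1 -c 2`, a different path and a different argument style, so at most one of the two matches the plugin that is actually installed; I cannot tell from the diff which is right, but the two roles should agree on it. The `check_mon` line depends on NRPE running the command through a shell for the backticks in `--monid "`hostname`"` to expand, which is worth a comment such as `# monid is expanded by the shell NRPE spawns; keep the backticks` so nobody "fixes" the quoting. The disk list in `check_smartdisk` is hard-coded to `/dev/sda /dev/sdb` for every ceph node, which is fine only if all three nodes have the same layout; a comment stating that assumption would help the next person who adds a node.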
diff --git a/roles/ceph/handlers/main.yml b/roles/ceph/handlers/main.yml
new file mode 100644
index 0000000..0399734
--- /dev/null
+++ b/roles/ceph/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart-nrpe
+ service:
+ name: nagios-nrpe-server
+ state: restarted
diff --git a/roles/ceph/tasks/main.yml b/roles/ceph/tasks/main.yml
new file mode 100644
index 0000000..c1af77e
--- /dev/null
+++ b/roles/ceph/tasks/main.yml
@@ -0,0 +1,8 @@
+- name: Set NRPE Ceph configuration
+ copy:
+ src: nrpe.cfg
+ dest: /etc/nagios/nrpe.d/95-ceph.cfg
+ owner: root
+ group: root
+ mode: u=rw,g=r,o=r
+ notify: restart-nrpe
diff --git a/roles/debian-base/defaults/main.yaml b/roles/debian-base/defaults/main.yaml
index 3eb8039..6bd18b1 100644
--- a/roles/debian-base/defaults/main.yaml
+++ b/roles/debian-base/defaults/main.yaml
@@ -5,16 +5,3 @@ fail2ban:
 bantime: 600
 maxretry: 4
 ignore: "127.0.0.0/8 {{ dc_net }}"
-exim_dc_eximconfig_configtype: satellite
-dc_other_hostnames: "{{ ansible_fqdn }}"
-dc_local_interfaces: 127.0.0.1
-dc_readhost: "{{ ansible_fqdn }}"
-dc_relay_domains: ""
-dc_minimaldns: false
-dc_relay_nets: ""
-dc_smarthost: "{{ smtp_server }}"
-CFILEMODE: 644
-dc_use_split_config: false
-dc_hide_mailname: true
-dc_mailname_in_oh: true
-dc_localdelivery: mail_spool
diff --git a/roles/debian-base/tasks/relayhost.yml b/roles/debian-base/tasks/relayhost.yml
index eab5dc9..88ee3e2 100644
--- a/roles/debian-base/tasks/relayhost.yml
+++ b/roles/debian-base/tasks/relayhost.yml
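Review bot: The `restart-nrpe` handler is added verbatim three times in this commit (roles/ceph, roles/kube and roles/pve handlers/main.yml all carry the same blob 0399734), and the three `copy` tasks that notify it differ only in the destination file name under `/etc/nagios/nrpe.d/`. One shared role that drops a caller-supplied nrpe.cfg and owns the single handler, or at least a handler with `listen: restart-nrpe` in a common role, would remove the duplication and keep the restart behaviour in one place. The tasks also assume `nagios-nrpe-server` and `/etc/nagios/nrpe.d/` already exist on the host; if debian-base provides that, a comment on the task such as `# nrpe package and nrpe.d directory come from debian-base` would record the dependency between the roles.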
@@ -11,31 +11,31 @@
 mode: 0644
 with_items:
 - regexp: '^dc_eximconfig_configtype'
- line: "dc_eximconfig_configtype='{{ exim_dc_eximconfig_configtype }}'"
+ line: "dc_eximconfig_configtype='satellite'"
 - regexp: '^dc_other_hostnames'
- line: "dc_other_hostnames='{{ dc_other_hostnames }}'"
+ line: "dc_other_hostnames='{{ ansible_fqdn }}'"
 - regexp: '^dc_local_interfaces'
- line: "dc_local_interfaces='{{ dc_local_interfaces }}'"
+ line: "dc_local_interfaces='127.0.0.1'"
 - regexp: '^dc_readhost'
- line: "dc_readhost='{{ dc_readhost }}'"
+ line: "dc_readhost='{{ ansible_fqdn }}'"
 - regexp: '^dc_relay_domains'
- line: "dc_relay_domains='{{ dc_relay_domains }}'"
+ line: "dc_relay_domains=''"
 - regexp: '^dc_minimaldns'
- line: "dc_minimaldns='{{ dc_minimaldns }}'"
+ line: "dc_minimaldns='false'"
 - regexp: '^dc_relay_nets'
- line: "dc_relay_nets='{{ dc_relay_nets }}'"
+ line: "dc_relay_nets=''"
 - regexp: '^dc_smarthost'
- line: "dc_smarthost='{{ dc_smarthost }}'"
+ line: "dc_smarthost='{{ smtp_server }}'"
 - regexp: '^CFILEMODE'
- line: "CFILEMODE='{{ CFILEMODE }}'"
+ line: "CFILEMODE='644'"
 - regexp: '^dc_use_split_config'
- line: "dc_use_split_config='{{ dc_use_split_config }}'"
+ line: "dc_use_split_config='false'"
 - regexp: '^dc_hide_mailname'
- line: "dc_hide_mailname='{{ dc_hide_mailname }}'"
+ line: "dc_hide_mailname='true'"
 - regexp: '^dc_mailname_in_oh'
- line: "dc_mailname_in_oh='{{ dc_mailname_in_oh }}'"
+ line: "dc_mailname_in_oh='true'"
 - regexp: '^dc_localdelivery'
- line: "dc_localdelivery='{{ dc_localdelivery }}'"
+ line: "dc_localdelivery='mail_spool'"
 notify: restart-exim
 register: exim_config
 - name: Update exim configuration
diff --git a/roles/kube/files/nrpe.cfg b/roles/kube/files/nrpe.cfg
new file mode 100644
index 0000000..b05af2f
--- /dev/null
+++ b/roles/kube/files/nrpe.cfg
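Review bot: With the `dc_*` defaults dropped from roles/debian-base/defaults/main.yaml in the same commit, none of the exim settings in this `with_items` list can be overridden per host or group any more, so a host that must listen on more than loopback or relay for a network now has to patch the role rather than set a variable. If that is deliberate — `dc_local_interfaces='127.0.0.1'` and an empty `dc_relay_nets` are the right least-exposure values for a satellite that hands everything to `smtp_server` — a comment above the list such as `# Fixed satellite config: loopback-only listener, no relaying, all mail to smtp_server` would record the decision. Otherwise a single dict variable holding these as defaults would keep one override point without reintroducing thirteen separate variables. The task header, including the module and the target path, sits above this hunk.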
@@ -0,0 +1,5 @@
+command[check_mountpoints]=/etc/nagios/plugins/check_mountpoints /var/lib/containerd
+command[check_disk_containerd]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p /var/lib/containerd
+command[check_readonly]=/etc/nagios/plugins/check_fs_readable.pl
+command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 1000 -c 1500
+command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 25 -c 50 -s Z
diff --git a/roles/kube/handlers/main.yml b/roles/kube/handlers/main.yml
new file mode 100644
index 0000000..0399734
--- /dev/null
+++ b/roles/kube/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart-nrpe
+ service:
+ name: nagios-nrpe-server
+ state: restarted
diff --git a/roles/kube/tasks/main.yml b/roles/kube/tasks/main.yml
new file mode 100644
index 0000000..713d932
--- /dev/null
+++ b/roles/kube/tasks/main.yml
@@ -0,0 +1,8 @@
+- name: Set NRPE Kubernetes configuration
+ copy:
+ src: nrpe.cfg
+ dest: /etc/nagios/nrpe.d/95-kube.cfg
+ owner: root
+ group: root
+ mode: u=rw,g=r,o=r
+ notify: restart-nrpe
diff --git a/roles/pve/files/nrpe.cfg b/roles/pve/files/nrpe.cfg
new file mode 100644
index 0000000..27587cd
--- /dev/null
+++ b/roles/pve/files/nrpe.cfg
@@ -0,0 +1,3 @@
+command[check_zfs]=/etc/nagios/plugins/check_zfs.pl
+command[check_chrony]=/etc/nagios/plugins/check_chrony -w 1 -c 2
+command[check_smartdisk]=/etc/nagios/plugins/check_smartdisk.sh /dev/sda /dev/sdb /dev/sdc /dev/sdd
diff --git a/roles/pve/files/sudoers b/roles/pve/files/sudoers
new file mode 100644
index 0000000..448fcd8
--- /dev/null
+++ b/roles/pve/files/sudoers
@@ -0,0 +1 @@
+nagios ALL=(root) NOPASSWD: /usr/bin/zpool,/usr/sbin/smartctl,/usr/lib/nagios/plugins/check_zfs.pl
diff --git a/roles/pve/files/vhost.conf b/roles/pve/files/vhost.conf
new file mode 100644
index 0000000..f536dc0
--- /dev/null
+++ b/roles/pve/files/vhost.conf
@@ -0,0 +1 @@
+options vhost max_mem_regions=512
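Review bot: The sudoers rule allows `/usr/lib/nagios/plugins/check_zfs.pl`, but the NRPE command in roles/pve/files/nrpe.cfg in this same commit runs `/etc/nagios/plugins/check_zfs.pl`, so unless that script itself invokes sudo on the `/usr/lib` path, the rule grants a path that is never used while the path that is used gets no privilege; the two files should point at the same script. Separately, `/usr/bin/zpool` and `/usr/sbin/smartctl` are granted with no argument restriction, so the nagios account can run every subcommand of both as root, including the destructive ones, which is far more than read-only monitoring needs and turns any compromise of the NRPE daemon into root-level control of the pools. Narrowing the grant to the read-only invocations the checks actually make, e.g. `nagios ALL=(root) NOPASSWD: /usr/bin/zpool status *, /usr/bin/zpool list *, /usr/sbin/smartctl -H *`, or granting only the check scripts and letting them call the tools, keeps the privilege proportional; the exact patterns depend on what check_zfs.pl and check_smartdisk.sh run, which is not visible here.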
diff --git a/roles/pve/handlers/main.yml b/roles/pve/handlers/main.yml
new file mode 100644
index 0000000..0399734
--- /dev/null
+++ b/roles/pve/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart-nrpe
+ service:
+ name: nagios-nrpe-server
+ state: restarted
diff --git a/roles/pve/tasks/main.yml b/roles/pve/tasks/main.yml
new file mode 100644
index 0000000..101abcf
--- /dev/null
+++ b/roles/pve/tasks/main.yml
@@ -0,0 +1,22 @@
+- name: Set NRPE PVE configuration
+ copy:
+ src: nrpe.cfg
+ dest: /etc/nagios/nrpe.d/95-pve.cfg
+ owner: root
+ group: root
+ mode: u=rw,g=r,o=r
+ notify: restart-nrpe
+- name: Add nagios to sudoers
+ copy:
+ src: sudoers
+ dest: /etc/sudoers.d/nagios
+ mode: u=rw,g=r,o=
+ owner: root
+ group: root
+- name: Configure memory regions
+ copy:
+ src: vhost.conf
+ dest: /etc/modprobe.d/
+ mode: u=rw,g=r,o=r
+ owner: root
+ group: root
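Review bot: The `Add nagios to sudoers` task writes `/etc/sudoers.d/nagios` without `validate: /usr/sbin/visudo -cf %s`, so a malformed file would be deployed as-is and, depending on the sudo version, can make every sudo invocation on the node fail until someone fixes it by hand; adding `validate: /usr/sbin/visudo -cf %s` to that `copy` makes the play refuse a bad file instead. Its mode `u=rw,g=r,o=` (0640) also deviates from the 0440 that sudo expects for sudoers.d files and that some sudo versions warn about or reject; `mode: u=r,g=r,o=` matches the convention. The `Configure memory regions` task drops vhost.conf into `/etc/modprobe.d/` with no handler, so `max_mem_regions=512` only takes effect once the vhost module is reloaded or the node reboots; a comment on the task, or a `changed_when`-driven notice, would make that visible to whoever runs the play.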