Merge branch 'moreblackbox' into 'newinfra'

Monitor all websites

See merge request !178

plays/monitoring.yml

@@ -11,11 +11,28 @@
       #  - quasar.adm.crans.org  # 4J
       unifi_snmp_targets: "{{ groups['crans_unifi'] | list | sort }}"
       blackbox_targets:
-        - https://crans.org
-        - https://www.crans.org
-        - https://grafana.crans.org
-        - https://wiki.crans.org
-        - https://pad.crans.org
+        - https://crans.org/
+        - https://www.crans.org/
+        - https://webirc.crans.org/
+        - https://jitsi.crans.org/
+        - https://ftps.crans.org/
+        - http://ftp.crans.org/
+        - https://grafana.crans.org/
+        - https://roundcube.crans.org/
+        - https://zero.crans.org/
+        - https://wiki.crans.org/PageAccueil
+        - https://framadate.crans.org/
+        - https://pad.crans.org/
+        - https://lists.crans.org/
+        - https://cas.crans.org/
+        - https://ethercalc.crans.org/
+        - https://phabricator.crans.org/
+        - https://webmail.crans.org/horde/login.php
+        - https://gitlab.crans.org/
+        - https://perso.crans.org/crans/
+        - https://install-party.crans.org/
+        - https://intranet.crans.org/
+        - https://owncloud.crans.org/
       nginx_targets:
         - hodaur.adm.crans.org
         - charybde.adm.crans.org
@@ -26,10 +43,9 @@
     grafana:
       root_url: https://grafana.crans.org
       icon: crans_icon_white.svg
-
-    ldap_base: 'dc=crans,dc=org'
-    ldap_master_ipv4: '172.16.10.1'
-    ldap_user_tree: "ou=passwd,{{ ldap_base }}"
+      ldap_base: "{{ glob_ldap.base }}"
+      ldap_master_ipv4: "{{ glob_ldap.servers[0] }}"
+      ldap_user_tree: "ou=passwd,{{ glob_ldap.base }}"
   roles:
     - prometheus
     - prometheus-alertmanager
@@ -38,30 +54,6 @@
     - ninjabot
     - grafana
 
-# Deploy backup Prometheus on backup server
-#- hosts: odlyd.adm.crans.org
-#  vars:
-#    # only critical infra
-#    prometheus:
-#      node_targets:
-#        - odlyd.adm.crans.org  # me, myself and I
-#        - zamok.adm.crans.org  # parce que WeeChat c'est critique
-#        - thot.adm.crans.org  # la bdd adh est critique... enfin a skip
-#        - zbee.adm.crans.org  # zbeu! la bay!
-#        - stitch.adm.crans.org  # last hope virtu
-#        - redisdead.adm.crans.org  # Postmen... youtu.be/vEkY6W-fEZQ?t=132
-#      ups_snmp_targets:
-#        - pulsar.adm.crans.org  # 0B
-#        - quasar.adm.crans.org  # 4J
-#
-#    snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
-#  roles:
-#    - prometheus
-#    - prometheus-alertmanager
-#    - prometheus-snmp-exporter
-#    - ninjabot
-
-
 # Monitor all hosts
 - hosts: server
   vars:

roles/grafana/templates/ldap.toml.j2

@@ -5,7 +5,7 @@
 
 [[servers]]
 # Ldap server host (specify multiple hosts space separated)
-host = "{{ ldap_master_ipv4 }}"
+host = "{{ grafana.ldap_master_ipv4 }}"
 # Default port is 389 or 636 if use_ssl = true
 port = 636
 # Set to true if ldap server supports TLS
@@ -20,22 +20,18 @@ ssl_skip_verify = true
 # client_cert = "/path/to/client.crt"
 # client_key = "/path/to/client.key"
 
-# Search user bind dn
-bind_dn = "uid=%s,{{ ldap_user_tree }}"
-# Search user bind password
-# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
-#bind_password = ''
+# Use direct bind
+bind_dn = "uid=%s,{{ grafana.ldap_user_tree }}"
 
-# User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
+# Useless as we are doing direct bind,
+# but without LDAP auth hang
 search_filter = "(uid=%s)"
-
-# An array of base dns to search through
-search_base_dns = ["{{ ldap_user_tree }}"]
+search_base_dns = ["ou=passwd,dc=crans,dc=org"]
 
 ## For Posix or LDAP setups that does not support member_of attribute you can define the below settings
 ## Please check grafana LDAP docs for examples
 group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"
-group_search_base_dns = ["ou=group,{{ ldap_base }}"]
+group_search_base_dns = ["ou=group,{{ grafana.ldap_base }}"]
 group_search_filter_user_attribute = "cn"
 
 # Specify names of the ldap attributes your ldap uses