diff --git a/plays/monitoring.yml b/plays/monitoring.yml
index 79b0923d382f2b55c1e4541718455b7fa75aeb1a..59e74f37abec2e999e1943358c09da1739150e8e 100755
--- a/plays/monitoring.yml
+++ b/plays/monitoring.yml
@@ -11,11 +11,28 @@
 # - quasar.adm.crans.org # 4J
 unifi_snmp_targets: "{{ groups['crans_unifi'] | list | sort }}"
 blackbox_targets:
- - https://crans.org
- - https://www.crans.org
- - https://grafana.crans.org
- - https://wiki.crans.org
- - https://pad.crans.org
+ - https://crans.org/
+ - https://www.crans.org/
+ - https://webirc.crans.org/
+ - https://jitsi.crans.org/
+ - https://ftps.crans.org/
+ - http://ftp.crans.org/
+ - https://grafana.crans.org/
+ - https://roundcube.crans.org/
+ - https://zero.crans.org/
+ - https://wiki.crans.org/PageAccueil
+ - https://framadate.crans.org/
+ - https://pad.crans.org/
+ - https://lists.crans.org/
+ - https://cas.crans.org/
+ - https://ethercalc.crans.org/
+ - https://phabricator.crans.org/
+ - https://webmail.crans.org/horde/login.php
+ - https://gitlab.crans.org/
+ - https://perso.crans.org/crans/
+ - https://install-party.crans.org/
+ - https://intranet.crans.org/
+ - https://owncloud.crans.org/
 nginx_targets:
 - hodaur.adm.crans.org
 - charybde.adm.crans.org
@@ -26,10 +43,9 @@
 grafana:
 root_url: https://grafana.crans.org
 icon: crans_icon_white.svg
-
- ldap_base: 'dc=crans,dc=org'
- ldap_master_ipv4: '172.16.10.1'
- ldap_user_tree: "ou=passwd,{{ ldap_base }}"
+ ldap_base: "{{ glob_ldap.base }}"
+ ldap_master_ipv4: "{{ glob_ldap.servers[0] }}"
+ ldap_user_tree: "ou=passwd,{{ glob_ldap.base }}"
 roles:
 - prometheus
 - prometheus-alertmanager
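Review bot: `http://ftp.crans.org/` is the only plain-HTTP entry in the new `blackbox_targets` list, and nothing on the line says whether that is deliberate. If all of these targets are probed through one blackbox module (its definition is not visible in this hunk), that module cannot assert TLS with `fail_if_not_ssl` for the group without this entry failing permanently. I would add a comment on that line, for example `# plain HTTP on purpose, probed without TLS assertions`, or move the entry to its own target list.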
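Review bot: `ldap_master_ipv4` now takes `glob_ldap.servers[0]`, so the key name no longer describes the value: nothing visible guarantees that the first list entry is the master or an IPv4 address. This matters because the Grafana template changed in this same diff uses it as the `host` that receives users' bind credentials. I would add a comment above the line, e.g. `# first entry of glob_ldap.servers; Grafana binds users against this host`, or rename the key in a follow-up. The `glob_ldap` definition is outside this diff, so its ordering is an assumption to confirm.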
@@ -38,30 +54,6 @@ - ninjabot - grafana -# Deploy backup Prometheus on backup server -#- hosts: odlyd.adm.crans.org -# vars: -# # only critical infra -# prometheus: -# node_targets: -# - odlyd.adm.crans.org # me, myself and I -# - zamok.adm.crans.org # parce que WeeChat c'est critique -# - thot.adm.crans.org # la bdd adh est critique... enfin a skip -# - zbee.adm.crans.org # zbeu! la bay! -# - stitch.adm.crans.org # last hope virtu -# - redisdead.adm.crans.org # Postmen... youtu.be/vEkY6W-fEZQ?t=132 -# ups_snmp_targets: -# - pulsar.adm.crans.org # 0B -# - quasar.adm.crans.org # 4J -# -# snmp_unifi_password: "{{ vault_snmp_unifi_password }}" -# roles: -# - prometheus -# - prometheus-alertmanager -# - prometheus-snmp-exporter -# - ninjabot - - # Monitor all hosts - hosts: server vars: diff --git a/roles/grafana/templates/ldap.toml.j2 b/roles/grafana/templates/ldap.toml.j2 index c918707aac8cabe5ecfd2b22128dd94867a7e9f4..c92a93308d8847a880f9e293d5866293e3ebbe83 100644 --- a/roles/grafana/templates/ldap.toml.j2 +++ b/roles/grafana/templates/ldap.toml.j2 @@ -5,7 +5,7 @@ [[servers]] # Ldap server host (specify multiple hosts space separated) -host = "{{ ldap_master_ipv4 }}" +host = "{{ grafana.ldap_master_ipv4 }}" # Default port is 389 or 636 if use_ssl = true port = 636 # Set to true if ldap server supports TLS 
@@ -20,22 +20,18 @@ ssl_skip_verify = true # client_cert = "/path/to/client.crt" # client_key = "/path/to/client.key" -# Search user bind dn -bind_dn = "uid=%s,{{ ldap_user_tree }}" -# Search user bind password -# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;""" -#bind_password = '' +# Use direct bind +bind_dn = "uid=%s,{{ grafana.ldap_user_tree }}" -# User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)" +# Useless as we are doing direct bind, +# but without LDAP auth hang search_filter = "(uid=%s)" - -# An array of base dns to search through -search_base_dns = ["{{ ldap_user_tree }}"] +search_base_dns = ["ou=passwd,dc=crans,dc=org"] ## For Posix or LDAP setups that does not support member_of attribute you can define the below settings ## Please check grafana LDAP docs for examples group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))" -group_search_base_dns = ["ou=group,{{ ldap_base }}"] +group_search_base_dns = ["ou=group,{{ grafana.ldap_base }}"] group_search_filter_user_attribute = "cn" # Specify names of the ldap attributes your ldap uses
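Review bot: The new `search_base_dns = ["ou=passwd,dc=crans,dc=org"]` hard-codes the DN while the lines around it were switched to `grafana.ldap_user_tree` and `grafana.ldap_base`, so the template will drift from `glob_ldap.base` if the base ever changes; `search_base_dns = ["{{ grafana.ldap_user_tree }}"]` keeps it in step. Separately, `ssl_skip_verify = true` is visible at the top of this hunk: with a direct bind, each user's password is sent to a server whose certificate is not checked, and the commit leaves that as is. If the directory's CA is available, `ssl_skip_verify = false` together with `root_ca_cert` would close that gap, provided `host` is a name the certificate covers, which I cannot confirm from here. The new comment `# but without LDAP auth hang` would read more clearly as `# but LDAP auth hangs without it`.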