commit

2026-06-06 00:03:38 +02:00
commit a49ac0c51a
12 changed files with 311 additions and 0 deletions
@@ -0,0 +1 @@
+ Password:
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEHTCCAwWgAwIBAgIUdyYdCnJ9SmN/x/IjPKDSooUyRB0wDQYJKoZIhvcNAQEL
+BQAwgbYxCzAJBgNVBAYTAkRFMRAwDgYDVQQIDAdIYW1idXJnMRAwDgYDVQQHDAdI
+YW1idXJnMSgwJgYDVQQKDB9UaGllcyBNdWVsbGVyIFNlcnZpY2UgU29sdXRpb25z
+MRMwEQYDVQQLDApNb25pdG9yaW5nMR4wHAYDVQQDDBVtb25pdG9yaW5nLnRzZXJ2
+aWMuZXMxJDAiBgkqhkiG9w0BCQEWFW1vbml0b3JpbmdAdHNlcnZpYy5lczAeFw0y
+NjA0MjIxNDU5MTVaFw0zNjA0MTkxNDU5MTVaMIG2MQswCQYDVQQGEwJERTEQMA4G
+A1UECAwHSGFtYnVyZzEQMA4GA1UEBwwHSGFtYnVyZzEoMCYGA1UECgwfVGhpZXMg
+TXVlbGxlciBTZXJ2aWNlIFNvbHV0aW9uczETMBEGA1UECwwKTW9uaXRvcmluZzEe
+MBwGA1UEAwwVbW9uaXRvcmluZy50c2VydmljLmVzMSQwIgYJKoZIhvcNAQkBFhVt
+b25pdG9yaW5nQHRzZXJ2aWMuZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQCZAojwjIr274EYTNM7UWu6H9/04a9+y9HkOAq6twcsc248D5thEQCPSyOA
+T5eq5wMjdH4B7LKkMlL/Rp4HuWWtA+EopDGZcsCGsphoszor+VyiVDc4VCT+IhUY
+aSQHRC0szIgcj46wHE/hJYQlwYfRqkQWHWvzDO1r2TGrKfzwx9TBCj63Y9jj28dN
+j/W1xEbwq0oW7Oh81i/ryil7Ie0DXoJYMoSwnwI1oBTQB1GIQDp4kceK0oCBOR9E
+24zPGiVZNtm4iasaJaFnWQzN8RfNE2Woh5ywYT1ejYQ9fzMexTs9U4lmdl9oBlYr
+bvd12pyVteycMYrLRA4ocxCEWrfFAgMBAAGjITAfMB0GA1UdDgQWBBRvOU0eImx0
+j+HJAmbpaLCUeVlGbzANBgkqhkiG9w0BAQsFAAOCAQEAhfO45AqPoVmLiKKs8Klb
+zSEOazYzFm8JycZ3VdjOSIbWNnjoG51ThD8IFRc0RN3HswWmY30oC3FT6bRoo7N/
+s91CqaKNRAhDkJ9pzhT5Fy6LBXyqsESB+GLvQNWcPK75Tt0I2gNfSnnBUtIvJDpV
+g6HColCnqgHeGPlhJYHUCRgXEXUkmy96qVb4Jx6HCIFL6p92sFPwsWhUf/SYiXht
+AnnKZad56vwz6aSgrEeE8W/Lb2rXQGlo2+cUPUl+55WLJaBVH23PGpYjxtcN+jsl
+kCBr6KbelwJdCq+5urtdLDN2mKy8hAHNAgZwkWe+ygIoTS5ChHhKhtlvy+VEVdhL
+Ng==
+-----END CERTIFICATE-----
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC/DCCAeQCAQAwgbYxCzAJBgNVBAYTAkRFMRAwDgYDVQQIDAdIYW1idXJnMRAw
+DgYDVQQHDAdIYW1idXJnMSgwJgYDVQQKDB9UaGllcyBNdWVsbGVyIFNlcnZpY2Ug
+U29sdXRpb25zMRMwEQYDVQQLDApNb25pdG9yaW5nMR4wHAYDVQQDDBVtb25pdG9y
+aW5nLnRzZXJ2aWMuZXMxJDAiBgkqhkiG9w0BCQEWFW1vbml0b3JpbmdAdHNlcnZp
+Yy5lczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJkCiPCMivbvgRhM
+0ztRa7of3/Thr37L0eQ4Crq3ByxzbjwPm2ERAI9LI4BPl6rnAyN0fgHssqQyUv9G
+nge5Za0D4SikMZlywIaymGizOiv5XKJUNzhUJP4iFRhpJAdELSzMiByPjrAcT+El
+hCXBh9GqRBYda/MM7WvZMasp/PDH1MEKPrdj2OPbx02P9bXERvCrShbs6HzWL+vK
+KXsh7QNeglgyhLCfAjWgFNAHUYhAOniRx4rSgIE5H0TbjM8aJVk22biJqxoloWdZ
+DM3xF80TZaiHnLBhPV6NhD1/Mx7FOz1TiWZ2X2gGVitu93XanJW17JwxistEDihz
+EIRat8UCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQBrGnq928qEJ8rfTN75WfY6
+FIF9UaJQhBShd8M7HbPbJvUf6tINi8MgCDwMhaMNKp2X3uCnzBlZkJwVtw6idlsP
+1LWH1fio11nqqW+aHZBFm0SVrLE/578twvqwyMCjybEQWEqK0HQpITkB2GFTzUMW
+d/JZspsNi9sMSZz0JhaD0w98DhU33PIwyuGSRYFxKnVei0n+2DV5rYhWoKXoFE1w
+ZnT11Sxcjh2Jc5buqlHvP4vSDUnQvBasif7HtSxarrqQhe+IRs5o2qAFTvouLNSm
+0dgnHpRVuN9p5hG+1r9M2QEK64ydfOuDUZ6ajNThwEwADgPRTTdujHUJL3lgwIUk
+-----END CERTIFICATE REQUEST-----
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCZAojwjIr274EY
+TNM7UWu6H9/04a9+y9HkOAq6twcsc248D5thEQCPSyOAT5eq5wMjdH4B7LKkMlL/
+Rp4HuWWtA+EopDGZcsCGsphoszor+VyiVDc4VCT+IhUYaSQHRC0szIgcj46wHE/h
+JYQlwYfRqkQWHWvzDO1r2TGrKfzwx9TBCj63Y9jj28dNj/W1xEbwq0oW7Oh81i/r
+yil7Ie0DXoJYMoSwnwI1oBTQB1GIQDp4kceK0oCBOR9E24zPGiVZNtm4iasaJaFn
+WQzN8RfNE2Woh5ywYT1ejYQ9fzMexTs9U4lmdl9oBlYrbvd12pyVteycMYrLRA4o
+cxCEWrfFAgMBAAECggEAB0t4JOPGckxr3rE29uKEXMzNPBsQZ16nRJapaEp2lJdy
+P3nNAh0x5iMCb8kbpYG7BBM3OLdEsxBVJaeDvEGKB+wh7XKajMLMS/+yxXcaBGOw
+l2qlcVGNq/ILCG1m0tPcxYCA0r/DYUEQS98ihDxMUeIoudcwQNeycAxcUlk/nmkN
+oX5kzzpmT4TSaVrY0cvFQfGVv8MbcqHbefolw8IepyTd0fLkSBxjVImxILecle5F
+iTGuwyAZmddmwPnoIYm2a+3HK4vNDxDlT6xxvcxciXNBdwweJ1DxKDDnhWyW6XO8
+8tfnhfsvSPze/ynTQOLxTxSIBmWwi4XbhhY/wtaIlwKBgQDTZD84Th8EJEAtny58
+/wpuyyk2ymkRXERSm1aOr6fjMp50UoDH+eEXa+OtXNh6s6pR1R7EG64vN/q7SnNo
+DYDC8UTFIe6oQbILxbheXYUm1MpzB6pbuj80QsnowfZwRbpB85LjQ+5zlBHB+jHP
+aipBj26LW1thUAyZ4tfyBRKCbwKBgQC5TGeIjU1jz3N1c8cDajFr2rdQ7NQzE9hb
+6htiRMnEO4xmHY94YaPy/MdJojvh+Ed15NreAaZJLfW1RA0wZTEBQ0OjAKEbRcEF
+duDshkoTULUwN51J20rCLzfaYVj3cgpoi+zx2bdhLtjtfyGCxOxv/15af+hQoL/9
+7JAxih0zCwKBgFz2iArl6CP1ITgu+c3Ehz0EIULULvKQhgdiAuXK/+UdfKuhILtQ
+5lGPCEgZJ9JZcyJEfeiSK7BSoWVDz2iOo8AdYLQEllyUq90q0jsjcLu73040MV4
+GZWNDahLrGnhcDDSwjUpybKQWmLY+ZDCmoSsZCvq6DvabUA7j0YCzwoHAoGASCBr
+dIW8CAvqH1/PqY6eaiMalA97kd45q512x0uLVizvu5fqDqvDC4RFdm4F7TGdb1CD
+uULfHUEckVBJ6fqZlqo+G6bVDy6ZsazSZH7pOpeBz6D2QpdvhCKpFQIrhTYIwyUk
+OAfND7ESk2+W9bX9aqL2cTe0kB3iXc7FWeMu9n0CgYAz5xVC/9YzA1K89MqKle5d
+G5Iuv09TEyroDmm/P/iQueaZi3QYjQR4mFEVZK+NqztxXKyZK2LJdtsTpayDCAM4
+SSuQWmRpSGjzanVlHGYcJh/UvOGf5L0xyAFIjKcpX6nnsG8B12HGXS43BjLLhNEu
+0sOIcQghdMhetQYPtD7Ujw==
+-----END PRIVATE KEY-----
@@ -0,0 +1,5 @@
+tls_server_config:
+    cert: /etc/node_exporter/cert.crt
+    key: /etc/node_exporter/cert.key
+basic_auth_users:
+  monitoring: $2y$12$OOlihTG383u0nqDk4dcmUuO.KAsusfDsd04TW1/b1TUuqbWlViBSO
@@ -0,0 +1,66 @@
+- hosts: all:!windows:!monitoring
+
+
+  vars:
+    node_exporter_version: 1.11.1
+    interface_var_name: "ansible_wt0"
+    interface_var_ipv4: "{{ vars[interface_var_name].ipv4.address }}"
+  tasks:
+    - name: download node exporter
+      get_url:
+        url: https://github.com/prometheus/node_exporter/releases/download/v{{ node_exporter_version }}/node_exporter-{{ node_exporter_version }}.linux-amd64.tar.gz
+        dest: /tmp
+    - name: unarchive node exporter
+      unarchive:
+        remote_src: yes
+        src: /tmp/node_exporter-{{ node_exporter_version }}.linux-amd64.tar.gz
+        dest: /tmp
+    - name: move node exporter to /usr/local/bin
+      copy:
+        src: /tmp/node_exporter-{{ node_exporter_version }}.linux-amd64/node_exporter
+        dest: /usr/local/bin/node_exporter
+        remote_src: yes
+        owner: root
+        group: root
+        mode: 0755
+    - name: install unit file to systemd
+      template:
+        src: templates/node_exporter.service.j2
+        dest: /etc/systemd/system/node_exporter.service
+        owner: root
+        group: root
+        mode: 0600
+    - name: create config directory
+      file:
+        path: /etc/node_exporter
+        state: directory
+        owner: root
+        group: root
+        mode: 0700
+    - name: copy certificates
+      copy:
+        src: files/node_exporter.crt
+        dest: /etc/node_exporter/cert.crt
+        owner: root
+        group: root
+        mode: 0600
+    - name: copy certificate key
+      copy:
+        src: files/node_exporter.key
+        dest: /etc/node_exporter/cert.key
+        owner: root
+        group: root
+        mode: 0600
+    - name: copy node exporter config
+      template:
+        src: files/node_exporter.yml
+        dest: /etc/node_exporter/config.yml
+        owner: root
+        group: root
+        mode: 0600
+    - name: configure systemd to use service
+      systemd:
+        daemon_reload: yes
+        enabled: yes
+        state: started
+        name: node_exporter.service
@@ -0,0 +1,5 @@
+loglevel: debug
+port: 8080  # Optional
+intervalminutes: 2
+certificates:
+    - dns: auth.tservic.es
@@ -0,0 +1,10 @@
+[Unit]
+Description=Node Exporter
+After=network.target
+
+[Service]
+Type=simple
+ExecStart=/usr/local/bin/node_exporter --web.config.file="/etc/node_exporter/config.yml" --web.listen-address=":9100"
+
+[Install]
+WantedBy=multi-user.target
@@ -0,0 +1,56 @@
+---
+global:
+  scrape_interval: 15s
+  evaluation_interval: 15s
+
+scrape_configs:
+  - job_name: cert-checker
+    scrape_interval: 5s
+    static_configs:
+      - targets:
+        - cert-checker:8080
+
+  - job_name: "nodeexporter"
+    static_configs:
+      - targets: ["node-exporter:9100"]
+
+  - job_name: "cadvisor"
+    static_configs:
+      - targets: ["cadvisor:8080"]
+{% for host in groups['docker']%}
+{% if inventory_hostname != host %}
+      - targets: ["{{ host }}{{hostsuffix}}:9999"]
+{% endif %}
+{% endfor %}
+
+  - job_name: "prometheus"
+    static_configs:
+      - targets: ["localhost:9090"]
+
+  - job_name: "node_exporter"
+    static_configs:
+{% for host in groups['locations'] %}
+{% if inventory_hostname != host and host not in groups['windows'] %}
+      - targets: ["{{ host }}{{hostsuffix}}:9100"]
+{% endif %}
+{% endfor %}
+
+
+  - job_name: "docker"
+    static_configs:
+{% for host in groups['docker'] %}
+{% if inventory_hostname != host %}
+      - targets: ["{{ host }}{{hostsuffix}}:9323"]
+{% endif %}
+{% endfor %}
+
+
+rule_files:
+  - rules.yml
+
+alerting:
+  alertmanagers:
+    - static_configs:
+      - targets:
+        # Alertmanager's default port is 9093
+        - localhost:9093
@@ -0,0 +1,14 @@
+groups:
+- name: AllInstances
+  rules:
+  - alert: InstanceDown
+    # Condition for alerting
+    expr: up == 0
+    for: 1m
+    # Annotation - additional informational labels to store more information
+    annotations:
+      title: 'Instance {{ $labels.instance }} down'
+      description: '{{ $labels.instance }} of job {{ $labels.job }} has been down for more than 1 minute.'
+    # Labels - additional labels to be attached to the alert
+    labels:
+      severity: 'critical'
@@ -0,0 +1,34 @@
+- hosts: monitoring
+
+  tasks:
+    - name: deploy prometheus config
+      template:
+        src: templates/prometheus.yml.j2
+        dest: /opt/containers/prometheus-grafana/prometheus/prometheus.yml
+        owner: root
+        group: root
+        mode: 0644
+
+    - name: deploy prometheus rules
+      copy:
+        src: templates/rules.yml
+        dest: /opt/containers/prometheus-grafana/prometheus/rules.yml
+        owner: root
+        group: root
+        mode: 0644
+
+    - name: deploy cert-checker config
+      copy:
+        src: templates/cert-checker.yaml
+        dest: /opt/containers/prometheus-grafana/cert-checker/config.yaml
+        owner: root
+        group: root
+        mode: 0644
+
+    - name: reload prometheus container
+      shell: cd /opt/containers/prometheus-grafana && docker kill prometheus && docker compose up -d
+      ignore_errors: true
+
+#    - name: reload prometheus container (legacy docker)
+#      shell: cd /opt/containers/prometheus-grafana && docker-compose down && docker-compose up -d
+#      ignore_errors: true