Sélectionner une révision Git
-
Théo - Le Filament a rédigéThéo - Le Filament a rédigé
vps.cfg.j2 19,79 Kio
###############################################################################
###############################################################################
#
# HOST DEFINITION
#
###############################################################################
###############################################################################
# Define a host for the local machine
{% for host in groups['all'] | sort %}
{% if host != inventory_hostname %}
define host{
use linux-server
host_name {{ host }}
alias {{ host }}
address {{ hostvars[host].ansible_host }}
}
{% endif %}
{% endfor %}
define host{
use linux-server
host_name {{ inventory_hostname }}
alias {{ inventory_hostname }}
address 192.168.239.1
}
###############################################################################
###############################################################################
#
# HOST GROUP DEFINITION
#
###############################################################################
###############################################################################
# Define an optional hostgroup for Linux machines
define hostgroup{
hostgroup_name servers_no_docker
alias Serveurs Sans Docker
members {{ groups['all'] | difference(groups['docker']) | map('extract', hostvars, ['inventory_hostname']) | sort | join(',') }}
}
define hostgroup{
hostgroup_name servers_docker_internet_access
alias Serveurs Dockers avec accès à Internet
members {{ groups['docker_direct_internet_access'] | map('extract', hostvars, ['inventory_hostname']) | sort | join(',') }}
}
define hostgroup{
hostgroup_name servers_docker_no_internet_access
alias Serveurs Dockers sans accès à Internet
members {{ groups['docker_restrict_internet_access'] | map('extract', hostvars, ['inventory_hostname']) | sort | join(',') }}
}
###############################################################################
###############################################################################
#
# SERVICE DEFINITIONS
#
###############################################################################
###############################################################################
# Define a service to check the Linux version
define service{
use generic-service
host_name {{ groups['all'] | map('extract', hostvars, ['inventory_hostname']) | sort | join(',') }} service_description Linux Version
check_command check_nrpe!check_version
}
# Define a service to check the Linux packages to be installed
define service{
use generic-service
host_name {{ groups['full_maintenance'] | map('extract', hostvars, ['inventory_hostname']) | sort | join(',') }}
service_description Packages to install
check_command check_nrpe!check_apt
notifications_enabled 0
}
# Define a service to check the disk space of the root partition
# on the local machine.
define service{
use generic-service,graphed-service
host_name {{ groups['all'] | map('extract', hostvars, ['inventory_hostname']) | sort | join(',') }}
service_description Espace Disque
check_command check_nrpe!check_hda1
}
{% for host in groups['all'] | sort %}
{% if hostvars[host].raid_config is defined %}
{% for device in hostvars[host].raid_config.devices %}
define service{
use generic-service
host_name {{ host }}
service_description RAID device {{ device }}
check_command check_nrpe!check_raid_{{ device }}
}
{% endfor %}
{% endif %}
{% endfor %}
define service{
use daily-service,everytime-notification
host_name {{ groups['backup_server'] | map('extract', hostvars, ['inventory_hostname']) | sort | join(',') }}
service_description Backup Odoo Dockers
check_command check_nrpe!check_odoo_storage
}
define service{
use daily-service,everytime-notification
host_name {{ groups['backup_server'] | map('extract', hostvars, ['inventory_hostname']) | sort | join(',') }}
service_description Backup2 Odoo Dockers
check_command check_nrpe!check_odoo2_storage
}
define service{
use daily-service,everytime-notification,graphed-service
host_name {{ groups['backup_server'] | map('extract', hostvars, ['inventory_hostname']) | sort | join(',') }}
service_description Backup Cloud Files
check_command check_nrpe!check_cloud_storage
}
# Define a service to check the number of currently logged in
# users on the local machine.
define service{
use generic-service,graphed-service
host_name {{ groups['all'] | map('extract', hostvars, ['inventory_hostname']) | sort | join(',') }}
service_description Utilisateurs Connectes
check_command check_nrpe!check_users
}
# Define a service to check the number of currently running procs# on the local machine.
define service{
use generic-service,graphed-service
host_name {{ groups['all'] | map('extract', hostvars, ['inventory_hostname']) | sort | join(',') }}
service_description Services en cours
check_command check_nrpe!check_total_procs
}
# Define services to check for running processes
define service{
use generic-service
host_name {{ groups['odoo_server'] | union(groups['owncloud_server']) | map('extract', hostvars, ['inventory_hostname']) | sort | join(',') }}
service_description Nginx Service
check_command check_nrpe!check_procs_nginx
}
define service{
use generic-service
host_name {{ groups['all'] | map('extract', hostvars, ['inventory_hostname']) | sort | join(',') }}
service_description SSHD Service
check_command check_nrpe!check_procs_sshd
}
{% for host in groups['full_maintenance'] | sort %}
{% if hostvars[host].log_collection %}
define service{
use generic-service
host_name {{ host }}
service_description Filebeat Service
check_command check_nrpe!check_procs_filebeat
}
{% endif %}
{% endfor %}
# Define a service to check the load on the local machine.
define service{
use generic-service,graphed-service
host_name {{ groups['all'] | map('extract', hostvars, ['inventory_hostname']) | sort | join(',') }}
service_description Charge CPU
check_command check_nrpe!check_load
}
# Define a service to check the RAM on the local machine.
define service{
use generic-service,graphed-service
host_name {{ groups['all'] | map('extract', hostvars, ['inventory_hostname']) | sort | join(',') }}
service_description Charge RAM
check_command check_nrpe!check_mem
}
# SSH
define service{
use generic-service
host_name {{ groups['all'] | map('extract', hostvars, ['inventory_hostname']) | sort | join(',') }}
service_description SSH
check_command check_ssh_port!{{ default_sshd_port }}
}
# FAIL2BAN
define service{
use generic-service,graphed-service
host_name {{ groups['full_maintenance'] | map('extract', hostvars, ['inventory_hostname']) | sort | join(',') }}
service_description Fail2ban
check_command check_nrpe!check_fail2ban
}
# Docker Proxy
define service{ use generic-service,graphed-service
host_name {{ groups['docker'] | map('extract', hostvars, ['inventory_hostname']) | sort | join(',') }}
service_description Docker Proxy
check_command check_nrpe!check_docker_proxy
}
# Docker LDAP
define service{
use generic-service,graphed-service
host_name {{ groups['docker_auth'] | map('extract', hostvars, ['inventory_hostname']) | sort | join(',') }}
service_description Docker LDAP
check_command check_nrpe!check_docker_ldap
}
# Docker SSO
define service{
use generic-service,graphed-service
host_name {{ groups['docker_auth'] | map('extract', hostvars, ['inventory_hostname']) | sort | join(',') }}
service_description Docker SSO
check_command check_nrpe!check_docker_sso
}
# Docker Cloud
define service{
use generic-service,graphed-service
host_name {{ groups['docker_owncloud'] | union(groups.docker_nextcloud) | map('extract', hostvars, ['inventory_hostname']) | sort | join(',') }}
service_description Docker Cloud
check_command check_nrpe!check_docker_cloud
}
# Docker Draw.io
define service{
use generic-service,graphed-service
host_name {{ groups['docker_drawio'] | map('extract', hostvars, ['inventory_hostname']) | sort | join(',') }}
service_description Docker DrawIo
check_command check_nrpe!check_docker_drawio
}
# Docker Etherpad
define service{
use generic-service,graphed-service
host_name {{ groups['docker_etherpad'] | map('extract', hostvars, ['inventory_hostname']) | sort | join(',') }}
service_description Docker Etherpad
check_command check_nrpe!check_docker_etherpad
}
# Docker Framadate
define service{
use generic-service,graphed-service
host_name {{ groups['docker_framadate'] | map('extract', hostvars, ['inventory_hostname']) | sort | join(',') }}
service_description Docker Framadate
check_command check_nrpe!check_docker_framadate
}
# Docker Jitsi
define service{
use generic-service,graphed-service
host_name {{ groups['docker_jitsi'] | map('extract', hostvars, ['inventory_hostname']) | sort | join(',') }}
service_description Docker Jitsi
check_command check_nrpe!check_docker_jitsi
}
# Docker PrivateBin
define service{
use generic-service,graphed-service
host_name {{ groups['docker_privatebin'] | map('extract', hostvars, ['inventory_hostname']) | sort | join(',') }}
service_description Docker PrivateBin
check_command check_nrpe!check_docker_privatebin
}
# Gitlab
define service{
use generic-service,graphed-service
host_name {{ groups['gitlab'] | map('extract', hostvars, ['inventory_hostname']) | sort | join(',') }}
service_description GitLab Services
check_command check_nrpe!check_gitlab_services
}
define service{
use generic-service,graphed-service
host_name {{ groups['gitlab'] | map('extract', hostvars, ['inventory_hostname']) | sort | join(',') }}
service_description GitLab Health
check_command check_nrpe!check_gitlab_health
}
# Definition des services HTTP
{% for host in groups['docker_auth'] | sort %}
# {{ host }} Docker Auth
define service{
use generic-service
host_name {{ host }}
service_description PhpLdapAdmin {{ hostvars[host].ldap_url }}
check_command check_https!'{{ hostvars[host].ldap_url }}'!/
}
define service{
use generic-service
host_name {{ host }}
service_description SSO Server {{ hostvars[host].sso_url }}
check_command check_https!'{{ hostvars[host].sso_url }}'!/
}
{% endfor %}
{% for host in groups['docker_odoo'] | sort %}
# {{ host }} Docker Odoo
{% if hostvars[host].restrict_internet_access and hostvars[host].whitelisted_urls is defined %}
# Docker Odoo Whitelists
define service{
use generic-service,graphed-service
host_name {{ host }}
service_description Docker Odoo Whitelists
check_command check_nrpe!check_docker_whitelists
}
{% endif %}
{% if hostvars[host].odoo_prod is defined %}
define service{
use generic-service
host_name {{ host }}
service_description Odoo Server {{ hostvars[host].odoo_prod.url }}
check_command check_https!'{{ hostvars[host].odoo_prod.url }}'!/web/login
}
# Docker Odoo
define service{
use generic-service,graphed-service
host_name {{ host }}
service_description Docker Odoo
check_command check_nrpe!check_docker_odoo
}
{% endif %}
{% for instance in hostvars[host].odoo_nonprod_instances | default([]) %}
define service{
use generic-service
host_name {{ host }}
service_description {{ instance.name }} Server {{ instance['url'] }} check_command check_https!'{{ instance['url'] }}'!/web/login
}
# Docker Odoo non prod instance
define service{
use generic-service,graphed-service
host_name {{ host }}
service_description Docker {{ instance.name }}
check_command check_nrpe!check_docker_{{ instance.name }}
}
{% endfor %}
{% endfor %}
{% for host in groups['docker_owncloud'] | union(groups['docker_nextcloud']) | sort %}
# {{ host }} Docker Cloud
define service{
use generic-service
host_name {{ host }}
service_description Cloud Server {{ hostvars[host].cloud_url }}
check_command check_https!'{{ hostvars[host].cloud_url }}'!/login
}
{% if hostvars[host].cloud_onlyoffice is defined %}
define service{
use generic-service
host_name {{ host }}
service_description OnlyOffice Server {{ hostvars[host].cloud_onlyoffice_url }}
check_command check_https!'{{ hostvars[host].cloud_onlyoffice_url }}'!/healthcheck
}
{% endif %}
{% endfor %}
{% for host in groups['docker_nagios'] | sort %}
define service{
use daily-service
host_name {{ host }}
service_description Certificate Nagios Server {{ hostvars[host].nagios_url }}
check_command check_certif!'{{ hostvars[host].nagios_url }}'!443
}
{% endfor %}
{% for host in groups['docker_drawio'] | sort %}
# {{ host }} Docker Draw.io
define service{
use generic-service
host_name {{ host }}
service_description Draw.io Server {{ hostvars[host].drawio_url }}
check_command check_https!'{{ hostvars[host].drawio_url }}'!/
}
{% endfor %}
{% for host in groups['docker_etherpad'] | sort %}
# {{ host }} Docker Etherpad
define service{
use generic-service
host_name {{ host }}
service_description Etherpad Server {{ hostvars[host].pad_url }}
check_command check_https!'{{ hostvars[host].pad_url }}'!/
}
{% endfor %}
{% for host in groups['docker_framadate'] | sort %}
# {{ host }} Docker Framadate
define service{
use generic-service host_name {{ host }}
service_description Framadate Server {{ hostvars[host].date_url }}
check_command check_https!'{{ hostvars[host].date_url }}'!/
}
{% endfor %}
{% for host in groups['gitlab'] | sort %}
# {{ host }} GitLab
define service{
use generic-service
host_name {{ host }}
service_description GitLab Server {{ hostvars[host].git_url }}
check_command check_https!'{{ hostvars[host].git_url }}'!/
}
{% endfor %}
{% for host in groups['docker_privatebin'] | sort %}
# {{ host }} Docker PrivateBin
define service{
use generic-service
host_name {{ host }}
service_description PrivateBin Server {{ hostvars[host].privatebin_url }}
check_command check_https!'{{ hostvars[host].privatebin_url }}'!/
}
{% endfor %}
{% for host in groups['odoo_server'] | sort %}
# {{ host }} Odoo
define service{
use generic-service
host_name {{ host }}
service_description Odoo {{ hostvars[host].odoo_url }}
check_command check_https!'{{ hostvars[host].odoo_url }}'!/web/login
}
define service{
use generic-service
host_name {{ host }}
service_description Odoo Service
check_command check_nrpe!check_procs_odoo
}
{% endfor %}
{% for host in groups['owncloud_server'] | sort %}
# {{ host }} Owncloud
define service{
use generic-service
host_name {{ host }}
service_description OwnCloud {{ hostvars[host].cloud_url }}
check_command check_https!'{{ hostvars[host].cloud_url }}'!/index.php/login
}
define service{
use generic-service
host_name {{ host }}
service_description Owncloud Service
check_command check_nrpe!check_procs_owncloud
}
{% endfor %}