Compare commits
9 Commits
79d46e3100
...
c9843a4cdd
Author | SHA1 | Date |
---|---|---|
Gregor Michels | c9843a4cdd | |
Gregor Michels | f0115625f6 | |
Gregor Michels | 60e57af853 | |
Gregor Michels | bbfc548e23 | |
Gregor Michels | 10d8e0133e | |
Gregor Michels | e539d6c36f | |
Gregor Michels | e350445a4b | |
Gregor Michels | 24a31603ef | |
Gregor Michels | 6623cc0e09 |
|
@ -7,6 +7,9 @@ ap-2bbf ip=10.84.1.30 channel_2g=11 channel_5g=149 # Tent 4
|
|||
ap-1a38 ip=10.84.1.35 channel_2g=6 channel_5g=153 # Tent 5
|
||||
ap-8f39 ip=10.84.1.37 channel_2g=1 channel_5g=157 # Tent 5
|
||||
|
||||
[accesspoints:vars]
|
||||
ansible_remote_tmp=/tmp
|
||||
|
||||
[switches]
|
||||
sw-access01 ip=10.84.1.11
|
||||
sw-access02 ip=10.84.1.12
|
||||
|
@ -14,9 +17,18 @@ sw-access02 ip=10.84.1.12
|
|||
[gateways]
|
||||
gw-core01 ip=10.84.1.1
|
||||
|
||||
[gateways:vars]
|
||||
ansible_remote_tmp=/tmp
|
||||
|
||||
[server]
|
||||
hyper01 ip=10.84.1.21
|
||||
|
||||
[vms]
|
||||
eae-adp-jump01 ip=162.55.53.85 monitoring_ip=10.84.254.0 ansible_python_interpreter=/usr/local/bin/python3
|
||||
monitoring01 ip=10.84.1.51
|
||||
|
||||
[container]
|
||||
monitoring01 ip=10.84.1.51 cpus=2 disk=50 memory=1024 net='{"net0":"name=eth0,ip=10.84.1.51/24,gw=10.84.1.1,bridge=vmbr0"}'
|
||||
mon-e2e-clients01 ip=10.84.7.30 cpus=1 disk=10 memory=256 net='{"net0":"name=eth0,ip=dhcp,bridge=vmbr1"}'
|
||||
|
||||
[container:vars]
|
||||
ostemplate=local:vztmpl/debian-11-standard_11.3-1_amd64.tar.zst
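Review bot: `ansible_remote_tmp=/tmp` in `[accesspoints:vars]` and `[gateways:vars]` has no comment saying why these groups stage Ansible's module files in a shared, world-writable directory. Module payloads carry the task arguments, so on a device with more than one local account the setting deserves a stated reason. A line above each setting would do, for example `# no writable home directory on these devices, so modules are staged in /tmp`, if that is indeed the reason.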
|
||||
|
|
|
@ -9,21 +9,22 @@ Diagram:
|
|||
IPAM / Device Overview:
|
||||
-----------------------
|
||||
|
||||
| Name | Location | MGMT IPv4 | MAC | Device | Notes |
|
||||
| --------------- | --------- | ------------- | ------------------- | -------------------- | ------------------------------------------------- |
|
||||
| `gigacube-E950` | Büro | `192.168.0.1` | `c8:ea:f8:b6:e9:50` | ZTE MF289F/Gigacube | property of Saxonia Catering/rental from Vodafone |
|
||||
| `gw-core01` | Büro | `10.84.1.1` | `78:8a:20:bd:b6:ae` | Ubiquiti EdgeRouterX | |
|
||||
| `sw-access01` | Büro | `10.84.1.11` | `bc:cf:4f:e3:bb:8d` | Zyxel GS1800-8HP | |
|
||||
| `sw-access02` | Zelt 5 | `10.84.1.12` | `bc:cf:4f:e3:ac:39` | Zyxel GS1800-8HP | |
|
||||
| `hyper01` | Büro | `10.84.1.21` | `00:23:24:54:f0:fe` | Lenovo ThinkCentre ? | |
|
||||
| `monitoring01` | `hyper01` | `10.84.1.51` | `16:b9:13:c3:10:5e` | Proxmox VM | |
|
||||
| `ap-2bbf` | Zelt 4 | `10.84.1.30` | `24:de:c6:cc:2b:bf` | Aruba AP-105 | |
|
||||
| `ap-1a38` | Zelt 5 | `10.84.1.35` | `24:de:c6:c3:ac:7c` | Aruba AP-105 | |
|
||||
| `ap-0b99` | Zelt 2 | `10.84.1.32` | `6c:f3:7f:c9:0b:99` | Aruba AP-105 | |
|
||||
| `ap-c5d1` | Büro | `10.84.1.33` | `ac:a3:1e:cf:c5:d1` | Aruba AP-105 | |
|
||||
| `ap-c495` | Zelt 3 | `10.84.1.34` | `ac:a3:1e:cf:c4:95` | Aruba AP-105 | |
|
||||
| `ap-8f42` | Zelt 1 | `10.84.1.36` | `d8:c7:c8:c2:8f:42` | Aruba AP-105 | |
|
||||
| `ap-8f39` | Zelt 5 | `10.84.1.37` | `??:??:??:??:??:??` | Aruba AP-105 | |
|
||||
| Name | Location | MGMT IPv4 | MAC | Device | Notes |
|
||||
| ------------------- | --------- | ------------- | ------------------- | -------------------- | ------------------------------------------------- |
|
||||
| `gigacube-E950` | Büro | `192.168.0.1` | `c8:ea:f8:b6:e9:50` | ZTE MF289F/Gigacube | property of Saxonia Catering/rental from Vodafone |
|
||||
| `gw-core01` | Büro | `10.84.1.1` | `78:8a:20:bd:b6:ae` | Ubiquiti EdgeRouterX | |
|
||||
| `sw-access01` | Büro | `10.84.1.11` | `bc:cf:4f:e3:bb:8d` | Zyxel GS1800-8HP | |
|
||||
| `sw-access02` | Zelt 5 | `10.84.1.12` | `bc:cf:4f:e3:ac:39` | Zyxel GS1800-8HP | |
|
||||
| `hyper01` | Büro | `10.84.1.21` | `00:23:24:54:f0:fe` | Lenovo ThinkCentre ? | |
|
||||
| `monitoring01` | `hyper01` | `10.84.1.51` | `16:b9:13:c3:10:5e` | Proxmox Container | |
|
||||
| `mon-e2e-clients01` | `hyper01` | `10.84.7.30` | `ca:ac:5a:d0:b6:02` | Proxmox Container | used for end to end monitoring of the public net |
|
||||
| `ap-2bbf` | Zelt 4 | `10.84.1.30` | `24:de:c6:cc:2b:bf` | Aruba AP-105 | |
|
||||
| `ap-1a38` | Zelt 5 | `10.84.1.35` | `24:de:c6:c3:ac:7c` | Aruba AP-105 | |
|
||||
| `ap-0b99` | Zelt 2 | `10.84.1.32` | `6c:f3:7f:c9:0b:99` | Aruba AP-105 | |
|
||||
| `ap-c5d1` | Büro | `10.84.1.33` | `ac:a3:1e:cf:c5:d1` | Aruba AP-105 | |
|
||||
| `ap-c495` | Zelt 3 | `10.84.1.34` | `ac:a3:1e:cf:c4:95` | Aruba AP-105 | |
|
||||
| `ap-8f42` | Zelt 1 | `10.84.1.36` | `d8:c7:c8:c2:8f:42` | Aruba AP-105 | |
|
||||
| `ap-8f39` | Zelt 5 | `10.84.1.37` | `??:??:??:??:??:??` | Aruba AP-105 | |
|
||||
|
||||
|
||||
Upstream Connectivity:
|
||||
|
|
|
@ -10,3 +10,12 @@ groups:
|
|||
annotations:
|
||||
summary: Prometheus target missing (instance {{ $labels.instance }})
|
||||
description: "A Prometheus target has disappeared. An exporter might be crashed.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
|
||||
|
||||
- alert: NodeRebooted
|
||||
expr: changes(node_boot_time_seconds[2h]) > 0
|
||||
for: 0m
|
||||
labels:
|
||||
severity: critical
|
||||
annotations:
|
||||
summary: A node rebooted in the last 2 hours (instance {{ $labels.instance }})
|
||||
description: "The uptime of a node changed in the last two hours. VALUE = {{ $value }}\n LABELS = {{ $labels }}"
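Review bot: `changes(node_boot_time_seconds[2h]) > 0` with `for: 0m` fires on any change of the reported boot time, not only on a reboot. On some platforms that value can shift slightly when the clock is adjusted, so this `severity: critical` alert may fire spuriously; that is worth confirming against the OpenBSD and Debian exporters used here. The `description` also omits the `\n` before `VALUE` that the rule above it uses; `description: "The uptime of a node changed in the last two hours.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"` would match. The rule list itself starts outside the hunk.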
|
||||
|
|
|
@ -0,0 +1,36 @@
|
|||
modules:
|
||||
http_2xx:
|
||||
prober: http
|
||||
http_post_2xx:
|
||||
prober: http
|
||||
http:
|
||||
method: POST
|
||||
tcp_connect:
|
||||
prober: tcp
|
||||
pop3s_banner:
|
||||
prober: tcp
|
||||
tcp:
|
||||
query_response:
|
||||
- expect: "^+OK"
|
||||
tls: true
|
||||
tls_config:
|
||||
insecure_skip_verify: false
|
||||
ssh_banner:
|
||||
prober: tcp
|
||||
tcp:
|
||||
query_response:
|
||||
- expect: "^SSH-2.0-"
|
||||
irc_banner:
|
||||
prober: tcp
|
||||
tcp:
|
||||
query_response:
|
||||
- send: "NICK prober"
|
||||
- send: "USER prober prober prober :prober"
|
||||
- expect: "PING :([^ ]+)"
|
||||
send: "PONG ${1}"
|
||||
- expect: "^:[^ ]+ 001"
|
||||
icmp_v4:
|
||||
prober: icmp
|
||||
icmp:
|
||||
preferred_ip_protocol: ip4
|
||||
ip_protocol_fallback: false
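Review bot: The file defines seven modules, but the scrape jobs on this page only request `icmp_v4`. The exporter's `/probe` endpoint runs any configured module against whatever target the caller names, and `mon-e2e-clients01` is described as sitting in the public net. Anything able to reach port 9115 there could therefore have the container originate HTTP, POST and TCP requests through `http_2xx`, `http_post_2xx`, `tcp_connect` and the banner modules. Trimming `modules:` to `icmp_v4`, and limiting port 9115 to the Prometheus host if no firewall rule already does, removes that exposure. If `pop3s_banner` is kept, `"^+OK"` leaves the `+` unescaped; `'^\+OK'` is presumably what is meant.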
|
Binary file not shown.
|
@ -27,16 +27,6 @@
|
|||
mode: 0600
|
||||
create: yes
|
||||
|
||||
- name: install node_exporter
|
||||
package:
|
||||
name: node_exporter
|
||||
|
||||
- name: enable node_exporter
|
||||
service:
|
||||
name: node_exporter
|
||||
state: started
|
||||
enabled: yes
|
||||
|
||||
handlers:
|
||||
- name: reload firewall
|
||||
command: pfctl -vf /etc/pf.conf
|
||||
|
|
|
@ -1,32 +0,0 @@
|
|||
---
|
||||
- name: provision hyper01
|
||||
hosts: hyper01
|
||||
tasks:
|
||||
- name: install node-exporter
|
||||
package:
|
||||
name: prometheus-node-exporter
|
||||
|
||||
- name: create vms/container
|
||||
hosts: 127.0.0.1
|
||||
connection: local
|
||||
gather_facts: no
|
||||
tasks:
|
||||
- name: create monitoring01
|
||||
proxmox:
|
||||
api_user: root@pam
|
||||
api_password: "{{ lookup('passwordstore', 'server/hyper01') }}"
|
||||
api_host: "{{ hostvars['hyper01']['ip'] }}"
|
||||
node: hyper01
|
||||
hostname: monitoring01
|
||||
onboot: yes
|
||||
cpus: 2
|
||||
disk: 50
|
||||
memory: 1024
|
||||
storage: 'local-zfs'
|
||||
ostemplate: 'local:vztmpl/debian-11-standard_11.3-1_amd64.tar.zst'
|
||||
password: "{{ lookup('passwordstore', 'vms/monitoring01/root') }}"
|
||||
pubkey: "{{ lookup('ansible.builtin.file', 'files/authorized_keys') }}"
|
||||
netif: '{"net0":"name=eth0,ip=10.84.1.51/24,gw=10.84.1.1,bridge=vmbr0"}'
|
||||
unprivileged: yes
|
||||
features:
|
||||
- nesting=1
|
|
@ -0,0 +1,38 @@
|
|||
---
|
||||
- name: provision containers
|
||||
hosts: 127.0.0.1
|
||||
connection: local
|
||||
gather_facts: no
|
||||
vars:
|
||||
proxmox_host: "hyper01"
|
||||
tasks:
|
||||
- name: create containers
|
||||
proxmox:
|
||||
api_user: root@pam
|
||||
api_password: "{{ lookup('passwordstore', 'server/{{ proxmox_host }}') }}"
|
||||
api_host: "{{ hostvars[proxmox_host]['ip'] }}"
|
||||
node: "{{ proxmox_host }}"
|
||||
hostname: "{{ item }}"
|
||||
onboot: yes
|
||||
cpus: "{{ hostvars[item]['cpus'] }}"
|
||||
disk: "{{ hostvars[item]['disk'] }}"
|
||||
memory: "{{ hostvars[item]['memory'] }}"
|
||||
storage: 'local-zfs'
|
||||
ostemplate: "{{ hostvars[item]['ostemplate'] }}"
|
||||
password: "{{ lookup('passwordstore', 'container/{{ item }}/root') }}"
|
||||
pubkey: "{{ lookup('ansible.builtin.file', 'files/authorized_keys') }}"
|
||||
netif: "{{ hostvars[item]['net'] }}"
|
||||
unprivileged: yes
|
||||
features:
|
||||
- nesting=1
|
||||
with_items: "{{ groups['container'] }}"
|
||||
|
||||
- name: start containers
|
||||
proxmox:
|
||||
api_user: root@pam
|
||||
api_password: "{{ lookup('passwordstore', 'server/{{ proxmox_host }}') }}"
|
||||
api_host: "{{ hostvars[proxmox_host]['ip'] }}"
|
||||
node: "{{ proxmox_host }}"
|
||||
hostname: "{{ item }}"
|
||||
state: started
|
||||
with_items: "{{ groups['container'] }}"
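Review bot: Both `proxmox` tasks log in as `api_user: root@pam` with the hypervisor's root password and do not set `validate_certs`. As far as I know the module leaves certificate validation off by default, so the password would go to `api_host` over unverified TLS. A dedicated API token (`api_token_id` / `api_token_secret`) scoped to container management, together with `validate_certs: true`, would limit what an intercepted or leaked credential allows, provided Proxmox permits the `features` setting for that role. Separately, the lookups nest moustaches inside an expression: `'server/{{ proxmox_host }}'` and `'container/{{ item }}/root'`. Concatenation is the documented form, for example `lookup('passwordstore', 'server/' ~ proxmox_host)`.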
|
|
@ -1,4 +1,57 @@
|
|||
---
|
||||
- name: provision node exporters
|
||||
hosts:
|
||||
- server
|
||||
- vms
|
||||
- container
|
||||
vars:
|
||||
package_names:
|
||||
OpenBSD: node_exporter
|
||||
Debian: prometheus-node-exporter
|
||||
tasks:
|
||||
- name: install node exporter
|
||||
package:
|
||||
name: "{{ package_names[ansible_distribution] }}"
|
||||
|
||||
- name: start and enable node_exporter
|
||||
service:
|
||||
name: "{{ package_names[ansible_distribution] }}"
|
||||
state: started
|
||||
enabled: yes
|
||||
|
||||
- name: provision blackbox exporters
|
||||
hosts:
|
||||
- mon-e2e-clients01
|
||||
- monitoring01
|
||||
tasks:
|
||||
- name: install blackbox exporter
|
||||
package:
|
||||
name: prometheus-blackbox-exporter
|
||||
|
||||
- name: add net raw capability to blackbox exporter
|
||||
capabilities:
|
||||
path: /usr/bin/prometheus-blackbox-exporter
|
||||
capability: cap_net_raw+ep
|
||||
notify:
|
||||
- restart blackbox-exporter
|
||||
|
||||
- name: configure blackbox-exporter
|
||||
copy:
|
||||
src: files/blackbox.yml
|
||||
dest: /etc/prometheus/blackbox.yml
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
validate: "prometheus-blackbox-exporter --config.file='%s' --config.check"
|
||||
notify:
|
||||
- restart blackbox-exporter
|
||||
|
||||
handlers:
|
||||
- name: restart blackbox-exporter
|
||||
service:
|
||||
name: prometheus-blackbox-exporter
|
||||
state: restarted
|
||||
|
||||
- name: provision monitoring
|
||||
hosts:
|
||||
- monitoring01
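Review bot: The `capabilities` task sets `cap_net_raw+ep` on `/usr/bin/prometheus-blackbox-exporter` itself, so every local user who can execute the binary gets raw-socket access, not only the exporter service. The capability is attached to the file, so a package upgrade that replaces the binary would presumably drop it, and ICMP probes would fail until the play runs again. Granting it on the unit instead, through a systemd drop-in with `AmbientCapabilities=CAP_NET_RAW`, keeps it with the service account and independent of the file. The `provision monitoring` play at the end of this hunk continues outside it.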
|
||||
|
|
|
@ -28,3 +28,46 @@ scrape_configs:
|
|||
{% endfor %}
|
||||
|
||||
{% endfor %}
|
||||
|
||||
- job_name: 'blackbox'
|
||||
static_configs:
|
||||
- targets:
|
||||
- {{ hostvars['mon-e2e-clients01']['ip'] }}:9115
|
||||
- {{ hostvars['monitoring01']['ip'] }}:9115
|
||||
|
||||
- job_name: 'e2e_clients_v4'
|
||||
metrics_path: /probe
|
||||
params:
|
||||
module: [icmp_v4]
|
||||
static_configs:
|
||||
- targets:
|
||||
- freifunk-leipzig.de
|
||||
- harald.brainpeach.de
|
||||
- 195.201.165.118 # freifunk-leipzig.de without dns query
|
||||
- 88.198.195.242 # harald.brainpeach.de without dns query
|
||||
relabel_configs:
|
||||
- source_labels: [__address__]
|
||||
target_label: __param_target
|
||||
- source_labels: [__param_target]
|
||||
target_label: instance
|
||||
- target_label: __address__
|
||||
replacement: {{ hostvars['mon-e2e-clients01']['ip'] }}:9115
|
||||
|
||||
- job_name: 'e2e_default_v4'
|
||||
metrics_path: /probe
|
||||
params:
|
||||
module: [icmp_v4]
|
||||
static_configs:
|
||||
- targets:
|
||||
- 192.168.0.1 # gigacube
|
||||
- freifunk-leipzig.de
|
||||
- harald.brainpeach.de
|
||||
- 195.201.165.118 # freifunk-leipzig.de without dns query
|
||||
- 88.198.195.242 # harald.brainpeach.de without dns query
|
||||
relabel_configs:
|
||||
- source_labels: [__address__]
|
||||
target_label: __param_target
|
||||
- source_labels: [__param_target]
|
||||
target_label: instance
|
||||
- target_label: __address__
|
||||
replacement: {{ hostvars['monitoring01']['ip'] }}:9115
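Review bot: Nothing visible on this page alerts on the results of `e2e_clients_v4` and `e2e_default_v4`. The rules change in this compare adds only `NodeRebooted`, so a failing probe would be recorded but not reported unless a rule exists outside the shown hunks. An alert on `probe_success == 0` with a short `for:` would close that gap. The rendered addresses are also unquoted; writing them as `- "{{ hostvars['monitoring01']['ip'] }}:9115"` keeps the generated YAML a string whatever the variable expands to. The `scrape_configs` list starts outside the hunk.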
|
||||
|
|