diff --git a/.gitguardian b/.gitguardian new file mode 100644 index 00000000..809ac388 --- /dev/null +++ b/.gitguardian @@ -0,0 +1,4 @@ +secret: + # Exclude files and paths by globbing + ignored_paths: + - 'provision-contest/ansible/group_vars/**/secret.yml.example' diff --git a/provision-contest/ansible/domserver.yml b/provision-contest/ansible/domserver.yml index deadce15..923cdc6a 100644 --- a/provision-contest/ansible/domserver.yml +++ b/provision-contest/ansible/domserver.yml @@ -13,7 +13,7 @@ - python3-netaddr - name: Setup domserver - hosts: domserver + hosts: domserver,online-domserver vars: host_type: domserver become: true diff --git a/provision-contest/ansible/group_vars/all/.gitignore b/provision-contest/ansible/group_vars/online/.gitignore similarity index 100% rename from provision-contest/ansible/group_vars/all/.gitignore rename to provision-contest/ansible/group_vars/online/.gitignore diff --git a/provision-contest/ansible/group_vars/online/all.yml.example b/provision-contest/ansible/group_vars/online/all.yml.example new file mode 120000 index 00000000..cb36e6fe --- /dev/null +++ b/provision-contest/ansible/group_vars/online/all.yml.example @@ -0,0 +1 @@ +../onprem/all.yml.example \ No newline at end of file diff --git a/provision-contest/ansible/group_vars/online/secret.yml.example b/provision-contest/ansible/group_vars/online/secret.yml.example new file mode 120000 index 00000000..66dd4b02 --- /dev/null +++ b/provision-contest/ansible/group_vars/online/secret.yml.example @@ -0,0 +1 @@ +../onprem/secret.yml.example \ No newline at end of file diff --git a/provision-contest/ansible/group_vars/onprem/.gitignore b/provision-contest/ansible/group_vars/onprem/.gitignore new file mode 100644 index 00000000..c35135b1 --- /dev/null +++ b/provision-contest/ansible/group_vars/onprem/.gitignore @@ -0,0 +1,2 @@ +/secret.yml +/all.yml diff --git a/provision-contest/ansible/group_vars/all/all.yml.example b/provision-contest/ansible/group_vars/onprem/all.yml.example similarity index 100% rename from provision-contest/ansible/group_vars/all/all.yml.example rename to provision-contest/ansible/group_vars/onprem/all.yml.example diff --git a/provision-contest/ansible/group_vars/all/secret.yml.example b/provision-contest/ansible/group_vars/onprem/secret.yml.example similarity index 100% rename from provision-contest/ansible/group_vars/all/secret.yml.example rename to provision-contest/ansible/group_vars/onprem/secret.yml.example diff --git a/provision-contest/ansible/hosts.example b/provision-contest/ansible/hosts.example index 72409204..b0f9cddb 100644 --- a/provision-contest/ansible/hosts.example +++ b/provision-contest/ansible/hosts.example @@ -5,6 +5,22 @@ ansible_python_interpreter=/usr/bin/python3 # When moving clients for ad-hoc actions: # move them to their own group to keep hosts files on deployed machines in sync. +[onprem:children] +domserver +judgehost +cds +grafana +admin +presclient +presadmin +scoreboard +mgmt +autoanalyst + +[online:children] +online-domserver +online-judgehost + [domserver] domjudge-primary ansible_host=10.3.3.216 KEEPALIVED_PRIORITY=100 EFI_ORDER='0\,1\,3\,4' domjudge-backup ansible_host=10.3.3.217 KEEPALIVED_PRIORITY=99 EFI_ORDER='0\,1\,3\,4' @@ -63,3 +79,9 @@ domjudge-scoreboard ansible_host=10.2.2.229 domjudge-mgmg ansible_host=10.3.3.223 [autoanalyst] + +[online-domserver] +online-domserver ansible_host=192.168.255.255 + +[online-judgehost] +online-judgehost1 ansible_host=192.168.255.255 diff --git a/provision-contest/ansible/judgehost.yml b/provision-contest/ansible/judgehost.yml index 9ead6eaa..ae3e9c98 100644 --- a/provision-contest/ansible/judgehost.yml +++ b/provision-contest/ansible/judgehost.yml @@ -2,7 +2,7 @@ # This playbook installs the DOMjudge judgehosts - name: Setup judgehost - hosts: judgehost + hosts: judgehost,online-judgehost strategy: free vars: host_type: judgehost diff --git a/provision-contest/ansible/roles/grafana/templates/prometheus.yml.j2 b/provision-contest/ansible/roles/grafana/templates/prometheus.yml.j2 index 8246bf75..8352c07c 100644 --- a/provision-contest/ansible/roles/grafana/templates/prometheus.yml.j2 +++ b/provision-contest/ansible/roles/grafana/templates/prometheus.yml.j2 @@ -9,79 +9,86 @@ scrape_configs: - job_name: 'prometheus' static_configs: - targets: ['localhost:9090'] - - job_name: 'db' +{% for group_prefix in GROUP_PREFIXES %} +{% if groups[group_prefix+"judgehost"][0] is defined %} + - job_name: node_judgehost basic_auth: username: "prometheus" - password: "{{ PROMETHEUS_PASS }}" + password: "{{ hostvars[groups[group_prefix+"judgehost"][0]]['PROMETHEUS_PASS'] }}" tls_config: insecure_skip_verify: true scheme: https static_configs: - targets: -{% for host in groups["domserver"] %} - - {{ hostvars[host].ansible_host }}:9104 +{% for host in groups[group_prefix+"judgehost"] %} + - {{ hostvars[host].ansible_host }}:9100 {% endfor %} - - job_name: node_domserver +{% endif %} +{% if groups["domserver"][0] is defined %} + - job_name: {{ group_prefix ~ domjudge }} basic_auth: - username: "prometheus" - password: "{{ PROMETHEUS_PASS }}" + username: admin + password: {{ ADMIN_PASSWORD }} + metrics_path: /api/v4/metrics/prometheus + scheme: https tls_config: insecure_skip_verify: true - scheme: https static_configs: - targets: -{% for host in groups["domserver"] %} - - {{ hostvars[host].ansible_host }}:9100 +{% for host in groups[group_prefix+"domserver"] %} + - {{ hostvars[host].ansible_host }} {% endfor %} - - job_name: node_judgehost + - job_name: {{ group_prefix ~ 'db' }} basic_auth: username: "prometheus" - password: "{{ PROMETHEUS_PASS }}" + password: "{{ hostvars[groups[group_prefix+"domserver"][0]]['PROMETHEUS_PASS'] }}" tls_config: insecure_skip_verify: true scheme: https static_configs: - targets: -{% for host in groups["judgehost"] %} - - {{ hostvars[host].ansible_host }}:9100 +{% for host in groups[group_prefix+"domserver"] %} + - {{ hostvars[host].ansible_host }}:9104 {% endfor %} - - job_name: node_grafana + - job_name: {{ group_prefix ~ 'node_domserver' }} basic_auth: username: "prometheus" - password: "{{ PROMETHEUS_PASS }}" + password: "{{ hostvars[groups[group_prefix+"domserver"][0]]['PROMETHEUS_PASS'] }}" tls_config: insecure_skip_verify: true scheme: https static_configs: - targets: -{% for host in groups["grafana"] %} +{% for host in groups["domserver"] %} - {{ hostvars[host].ansible_host }}:9100 {% endfor %} - - job_name: node_mgmt + - job_name: {{ group_prefix ~ 'web_nginx_domserver' }} basic_auth: username: "prometheus" - password: "{{ PROMETHEUS_PASS }}" + password: "{{ hostvars[groups[group_prefix+"domserver"][0]]['PROMETHEUS_PASS'] }}" tls_config: insecure_skip_verify: true scheme: https static_configs: - targets: -{% for host in groups["mgmt"] %} - - {{ hostvars[host].ansible_host }}:9100 +{% for host in groups[group_prefix+"domserver"] %} + - {{ hostvars[host].ansible_host }}:9113 {% endfor %} - - job_name: node_scoreboard + - job_name: {{ group_prefix ~ 'web_fpm_domserver' }} basic_auth: username: "prometheus" - password: "{{ PROMETHEUS_PASS }}" + password: "{{ hostvars[groups[group_prefix+"domserver"][0]]['PROMETHEUS_PASS'] }}" tls_config: insecure_skip_verify: true scheme: https static_configs: - targets: -{% for host in groups["scoreboard"] %} - - {{ hostvars[host].ansible_host }}:9100 +{% for host in groups[group_prefix+"domserver"] %} + - {{ hostvars[host].ansible_host }}:9253 {% endfor %} - - job_name: node_cds +{% endif %} +{% endfor %} + - job_name: node_grafana basic_auth: username: "prometheus" password: "{{ PROMETHEUS_PASS }}" @@ -90,23 +97,22 @@ scrape_configs: scheme: https static_configs: - targets: -{% for host in groups["cds"] %} +{% for host in groups["grafana"] %} - {{ hostvars[host].ansible_host }}:9100 {% endfor %} - - job_name: domjudge + - job_name: node_mgmt basic_auth: - username: admin - password: {{ ADMIN_PASSWORD }} - metrics_path: /api/v4/metrics/prometheus - scheme: https + username: "prometheus" + password: "{{ PROMETHEUS_PASS }}" tls_config: insecure_skip_verify: true + scheme: https static_configs: - targets: -{% for host in groups["domserver"] %} - - {{ hostvars[host].ansible_host }} +{% for host in groups["mgmt"] %} + - {{ hostvars[host].ansible_host }}:9100 {% endfor %} - - job_name: 'web_nginx_cds' + - job_name: node_scoreboard basic_auth: username: "prometheus" password: "{{ PROMETHEUS_PASS }}" @@ -115,10 +121,10 @@ scrape_configs: scheme: https static_configs: - targets: -{% for host in groups["cds"] %} - - {{ hostvars[host].ansible_host }}:9113 +{% for host in groups["scoreboard"] %} + - {{ hostvars[host].ansible_host }}:9100 {% endfor %} - - job_name: 'web_nginx_scoreboard' + - job_name: node_cds basic_auth: username: "prometheus" password: "{{ PROMETHEUS_PASS }}" @@ -127,10 +133,10 @@ scrape_configs: scheme: https static_configs: - targets: -{% for host in groups["scoreboard"] %} - - {{ hostvars[host].ansible_host }}:9113 +{% for host in groups["cds"] %} + - {{ hostvars[host].ansible_host }}:9100 {% endfor %} - - job_name: 'web_nginx_domserver' + - job_name: 'web_nginx_cds' basic_auth: username: "prometheus" password: "{{ PROMETHEUS_PASS }}" @@ -139,10 +145,10 @@ scrape_configs: scheme: https static_configs: - targets: -{% for host in groups["domserver"] %} +{% for host in groups["cds"] %} - {{ hostvars[host].ansible_host }}:9113 {% endfor %} - - job_name: 'web_fpm_domserver' + - job_name: 'web_nginx_scoreboard' basic_auth: username: "prometheus" password: "{{ PROMETHEUS_PASS }}" @@ -151,6 +157,6 @@ scrape_configs: scheme: https static_configs: - targets: -{% for host in groups["domserver"] %} - - {{ hostvars[host].ansible_host }}:9253 +{% for host in groups["scoreboard"] %} + - {{ hostvars[host].ansible_host }}:9113 {% endfor %}