hetzner-ansible/external_monitoring.yml


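---
# Play: prepare hosts for external monitoring — ufw allow rules for SSH and the
# node-/blackbox-exporter ports, default-reject firewall policy, SSH hardening
# and the blackbox-exporter role. Target hosts come from `host` (default: all).
- name: 'apply setup to {{ host | default("all") }}'
  hosts: '{{ host | default("all") }}'
  # Hosts per batch; `serial_number` overrides the default of 5.
  serial: "{{ serial_number | default(5) }}"
  # Canonical boolean; the YAML 1.1 spelling `yes` is parser-dependent.
  become: true
  tasks:
    - name: "Set VARs"
      # Resolve the monitoring peers to IPs once per host. `domain` and
      # `ip_whitelist` (used below) are not defined in this play and must be
      # supplied by inventory or extra vars.
      set_fact:
        prometheus_endpoints_all_stages:
          - "{{ lookup('community.general.dig', 'dev-prometheus-01.' + domain ) }}"
          - "{{ lookup('community.general.dig', 'qa-prometheus-01.' + domain ) }}"
          - "{{ lookup('community.general.dig', 'prodnso-prometheus-01.' + domain ) }}"
        k8s_nodes_mobene:
          - "{{ lookup('community.general.dig', 'prodwork01-kube-node-01.' + domain ) }}"
          - "{{ lookup('community.general.dig', 'prodwork01-kube-node-02.' + domain ) }}"
          - "{{ lookup('community.general.dig', 'prodwork01-kube-node-03.' + domain ) }}"
          - "{{ lookup('community.general.dig', 'prodwork01-kube-node-04.' + domain ) }}"
          - "{{ lookup('community.general.dig', 'prodwork01-kube-node-05.' + domain ) }}"

    - name: "Allow SSH in UFW"
      # One rate-limited (`limit`) rule per whitelisted source. If
      # `ip_whitelist` is empty this loop adds nothing, and once the reject
      # policy below is enabled no SSH source is allowed — TODO confirm the
      # inventory always provides at least one entry.
      ufw:
        rule: limit
        port: 22
        proto: tcp
        src: "{{ item }}"
      loop: "{{ ip_whitelist }}"

    - name: "Allow port 9100 for node-exporter in UFW"
      # node-exporter is only reachable from the Prometheus instances.
      ufw:
        rule: allow
        port: 9100
        proto: tcp
        src: "{{ item }}"
      loop: "{{ prometheus_endpoints_all_stages }}"

    - name: "Allow port 9115 for blackbox-exporter in UFW"
      # blackbox-exporter additionally accepts the whitelist and the k8s nodes.
      ufw:
        rule: allow
        port: 9115
        proto: tcp
        src: "{{ item }}"
      loop: "{{ prometheus_endpoints_all_stages + ip_whitelist + k8s_nodes_mobene }}"

    - name: "Set firewall default policy"
      # Kept after the allow rules so they are in place before the default
      # policy switches to reject.
      ufw:
        state: enabled
        policy: reject

    - name: "configure ssh_hardening"
      include_role:
        # include role from collection called 'devsec'
        name: devsec.hardening.ssh_hardening
        # `apply.tags` tags the role's own tasks; the outer `tags` tags the
        # include itself, so `--tags ssh_hardening` runs both.
        apply:
          tags:
            - ssh_hardening
      tags:
        - ssh_hardening

    - name: "Install blackbox-exporter via include_role"
      include_role:
        name: cloudalchemy.blackbox-exporter
        apply:
          tags:
            - blackbox
      tags:
        - blackbox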