-
Notifications
You must be signed in to change notification settings - Fork 10
/
Copy pathplaybook.yml
60 lines (55 loc) · 1.85 KB
/
playbook.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
---
- hosts: "{{target}}"
remote_user: vagrant
sudo: True
vars:
user: root
graphite:
version: master
timezone: Europe/Paris
workers: 4
secret_key: 'ob3sow^ik#4q(k5*tgw&6j+osyr^@0jus$yd+-#^&^d#%yim1!'
nginx_server_port: 8082 ## port on which you can access Graphite, port 80 is reserved for grafana, if you use 80 you won't be able to access graphite
nginx_server_name: stats.mywebsite.dev
nginx_htpasswd: 'admin:YWG41BPzVAkN6'
nginx_enable_ssl: true
nginx_server_port_ssl: 8083 ## port to use for SSL (443 is reserved for grafana)
nginx_ssl_path: "/etc/nginx/ssl/grafana"
nginx_ssl_cert: ssl_certif.pem
nginx_ssl_key: ssl_certif.key
carbon:
host: 0.0.0.0
ssl: no
db_graphite:
name: graphite
user: graphite
password: graphite
grafana_version: 1.6.1
grafana_nginx_listen: "{{target}}" # nginx listen address, `127.0.0.1` by default, you need to use the public ip with you want an external access
grafana_nginx_server_name: stats.mywebsite.dev
grafana_nginx_htpasswd: 'admin:YWG41BPzVAkN6'
grafana_nginx_enable_ssl: true
grafana_nginx_ssl_path: "/etc/nginx/ssl/grafana" ## Folder where the SSL files will be added, default to /etc/nginx/ssl
grafana_nginx_ssl_cert: ssl_certif.pem
grafana_nginx_ssl_key: ssl_certif.key
roles:
- common
- zsh
- python
- supervisor
- role: nginx
nginx_sites: none
- postgres
- graphite
- nodejs
- statsd
- elasticsearch
- grafana
tasks:
- ufw: state=reset
- ufw: state=enabled policy=allow
- ufw: rule=reject port=auth log=yes
- ufw: logging=on
#- ufw: rule=allow proto=any src=X.X.X.X port=8125 log=yes insert=1
#- ufw: rule=deny port=8125 proto=any log=yes insert=2
#- ufw: rule=deny port=8126 proto=any log=yes insert=3