openstack/openstack-ansible-ops
Code Issues Proposed changes
506463b241
openstack-ansible-ops/overlay-inventories/osa-integration-inventory.yml
Kevin Carter 271ff6a09c Add project directory to overlay inventories 
The use of an overlay inventory has now been added to a stand alone
directory which should help deployers understand how this could work
within their environments. Inventory configuration has been updated to
show this working in the various projects that have tests and could
benefit from an overlay inventory.

Change-Id: I1681fce160b43e9127851f06ae05ff5eaabe852f
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2019-01-16 22:25:11 +00:00

162 lines
6.9 KiB
YAML
Raw Blame History

---
all_systems:
vars: {}
children:
systems:
vars:
# General Ansible options for OSA
ansible_become: yes
ansible_become_user: "root"
ansible_user: "root"
## Grafana options
grafana_admin_password: "{{ haproxy_stats_password }}"
## Kolide options
kolide_fleet_db_password: "{{ haproxy_stats_password }}"
kolide_fleet_jwt_key: "{{ haproxy_stats_password }}"
kolide_fleet_admin_password: "{{ haproxy_stats_password }}"
galera_root_password: "{{ galera_root_password | default(haproxy_stats_password) }}"
## Skydive options
skydive_password: "{{ haproxy_stats_password }}"
skydive_elasticsearch_servers: "{{ groups['elastic-logstash'] | map('extract', hostvars, ['ansible_host']) | list | join(',') }}"
skydive_bind_address: "{{ container_address | default(ansible_host) }}"
## Elastic-stack options
elastic_skydive_retention: 2 # Elastic retention set to 2 days max
elastic_skydive_size: 51200 # Elastic retention set to 50GiB max
## Beat options
beat_service_states:
true:
state: restarted
false:
state: stopped
elastic_retention_refresh: true
auditbeat_service_state: "{{ beat_service_states[(inventory_hostname in (groups['hosts'] | default([])) | string | lower)]['state'] }}"
filebeat_service_state: "{{ beat_service_states[(inventory_hostname in (groups['hosts'] | default([])) | string | lower)]['state'] }}"
heartbeat_service_state: "{{ beat_service_states[(inventory_hostname in (groups['utility_all'] | default([])) | string | lower)]['state'] }}"
journalbeat_service_state: "{{ beat_service_states[(inventory_hostname in (groups['hosts'] | default([])) | string | lower)]['state'] }}"
metricbeat_service_state: "{{ beat_service_states[(inventory_hostname in (groups['hosts'] | default([])) | string | lower)]['state'] }}"
packetbeat_service_state: "{{ beat_service_states[(inventory_hostname in (groups['network_hosts'] | default([])) | string | lower)]['state'] }}"
## HAProxy options
haproxy_extra_services:
- service:
haproxy_service_name: skydive_analyzer
haproxy_backend_nodes: "{{ groups['skydive_analyzers'] | default([]) }}"
haproxy_bind: "{{ [internal_lb_vip_address] }}"
haproxy_port: 8082
haproxy_balance_type: http
haproxy_ssl: true
haproxy_backend_options:
- "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck"
- service:
haproxy_service_name: traefik
haproxy_backend_nodes: "{{ groups['skydive_analyzers'] | default([]) }}"
haproxy_bind: "{{ [internal_lb_vip_address] }}"
haproxy_port: 8090
haproxy_balance_type: http
haproxy_ssl: true
haproxy_backend_options:
- "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck"
haproxy_backend_httpcheck_options:
- expect rstatus 200|401
- service:
haproxy_service_name: elasticsearch
haproxy_backend_nodes: "{{ groups['elastic-logstash'] | default([]) }}"
haproxy_ssl: True
haproxy_port: 9201
haproxy_backend_port: 9200
haproxy_balance_type: http
haproxy_backend_options:
- "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck"
- service:
haproxy_service_name: kibana_ssl
haproxy_backend_nodes: "{{ groups['kibana'] | default([]) }}"
haproxy_ssl: True
haproxy_port: 8443
haproxy_backend_port: 81
haproxy_balance_type: tcp
haproxy_backend_options:
- tcpka
- service:
haproxy_service_name: apm-server
haproxy_backend_nodes: "{{ groups['apm-server'] | default([]) }}"
haproxy_ssl: True
haproxy_port: 8200
haproxy_balance_type: tcp
haproxy_backend_options:
- tcpka
- service:
haproxy_service_name: kolide-fleet
haproxy_backend_nodes: "{{ groups['kolide-fleet_all'] | default([]) }}"
haproxy_ssl: True
haproxy_port: 6443
haproxy_check_port: 443
haproxy_backend_port: 443
haproxy_balance_type: tcp
haproxy_backend_options:
- tcpka
- service:
haproxy_service_name: grafana
haproxy_backend_nodes: "{{ groups['grafana_all'] | default([]) }}"
haproxy_ssl: True
haproxy_port: 3000
haproxy_balance_type: http
haproxy_backend_options:
- "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck"
children:
traefik_all:
children:
traefik_build_nodes: {}
skydive_all:
children:
skydive_build_nodes: {}
skydive_agents:
children:
hosts: {} # This is an osa native group, as such nothing needs to be added. Values will be inherited.
skydive_analyzers:
children:
utility_all: {} # This is an osa native group, as such nothing needs to be added. Values will be inherited.
elk_all:
children:
elastic-logstash_all:
children:
elastic-logstash:
children:
log_hosts: {} # This is an osa native group, as such nothing needs to be added. Values will be inherited.
kibana_all:
children:
kibana:
children:
log_hosts: {} # This is an osa native group, as such nothing needs to be added. Values will be inherited.
fleet_all:
children:
kolide-db_all:
children:
kolide-db:
children:
log_hosts: {} # This is an osa native group, as such nothing needs to be added. Values will be inherited.
kolide-fleet_all:
children:
kolide-fleet:
children:
log_hosts: {} # This is an osa native group, as such nothing needs to be added. Values will be inherited.
osquery_all:
children:
osquery:
children:
hosts: {} # This is an osa native group, as such nothing needs to be added. Values will be inherited.
grafana_all:
children:
grafana:
children:
utility_all: {} # This is an osa native group, as such nothing needs to be added. Values will be inherited.
View Git Blame Copy Permalink