Commit b295078a authored by ale's avatar ale

Add asset tracking service

parent 9723bd5c
1 merge request!242Add asset tracking service
Pipeline #24181 failed
......@@ -43,3 +43,6 @@
roles:
- float-infra-sso-server
- hosts: assets
roles:
- float-infra-assetmon
......@@ -38,6 +38,9 @@ DEFAULT_SERVICE_CREDENTIALS = [
{
'name': 'auth-server',
},
{
'name': 'assetmon-client',
},
]
......
---
- name: Configure asset tracking
template:
src: "assetmon.default.j2"
dest: "/etc/default/assetmon"
- include_tasks: docker.yml
when: "container_runtime == 'docker'"
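Review bot: The template task writes `/etc/default/assetmon` without `owner`, `group` or `mode`, so the resulting permissions depend on the umask in effect when the play runs. It also has no `notify`, so a changed `OPTIONS` line does not reach a client that is already running. Adding `owner: root`, `group: root` and `mode: "0644"` makes the result explicit. Whether a restart handler is needed depends on how the assetmon client is started, which this section does not show.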
......
OPTIONS="--server=https://assets.{{ domain }}:3798 --tls-cert=/etc/credentials/x509/assetmon-client/client/cert.pem --tls-key=/etc/credentials/x509/assetmon-client/client/private_key.pem --tls-ca=/etc/credentials/x509/assetmon-client/ca.pem"
......@@ -123,6 +123,7 @@
- auditd
- audisp-json
- prometheus-node-exporter
- assetmon
- name: Install extra packages
apt:
......
---
- listen: reload assetmon
systemd:
name: docker-assets-http.service
state: restarted
---
- name: Create /etc/assetmon
file:
path: "/etc/assetmon"
state: directory
owner: root
group: docker-assets
mode: 0750
- name: Configure asset tracking server
template:
src: "server.yml.j2"
dest: "/etc/assetmon/server.yml"
owner: root
group: docker-assets
mode: 0640
notify: reload assetmon
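Review bot: Both `mode:` values in this file are unquoted octal literals (`0750`, `0640`), which give the intended permissions only because the YAML 1.1 loader reads a leading zero as octal. Writing `mode: "0750"` and `mode: "0640"` removes the dependency on implicit typing. The tasks also assume the `docker-assets` group already exists when they run, which nothing in this file establishes.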
db_uri: /var/lib/assetmon/assets.db
http_server:
request_timeout: 30
tls:
cert: "/etc/credentials/x509/assetmon/server/cert.pem"
key: "/etc/credentials/x509/assetmon/server/private_key.pem"
ca: "/etc/credentials/x509/assetmon/ca.pem"
acl:
allow:
- path: "/api/v1/.*"
cn: "assetmon-client.investici.org"
- path: ".*"
cn: ".*"
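Review bot: The second `allow` rule (`path: ".*"`, `cn: ".*"`) admits any certificate signed by the configured CA for every path, and `/api/v1/` is one of those paths. Unless the server stops at the first rule whose path matches and denies on a CN mismatch, the `assetmon-client` restriction above it has no effect. How assetmon evaluates `allow` entries is not visible here, so this should be confirmed. If a later rule can still match, narrow the catch-all to the paths meant to be open to every credential holder. Separately, the CN is hard-coded to `investici.org` while the client template builds its URL from `{{ domain }}`, and its dots are unescaped regex wildcards; if client CNs follow the deployment domain, `cn: "assetmon-client.{{ domain }}"` with the dots escaped (and anchored, if the matcher does not anchor) would be tighter.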
......@@ -339,3 +339,28 @@ acme:
systemd_services:
- acmeserver.service
assets:
num_instances: 1
scheduling_group: backend
service_credentials:
- name: assetmon
containers:
- name: http
image: registry.git.autistici.org/ai3/tools/assetmon:master
volumes:
- /etc/assetmon/server.yml: /etc/assetmon/server.yml
- /var/lib/assetmon: /var/lib/assetmon
ports:
- 3798
monitoring_endpoints:
- job_name: assets
port: 3798
scheme: https
public_endpoints:
- name: assets
port: 3798
scheme: https
datasets:
- name: db
path: /var/lib/assetmon
owner: docker-assets
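Review bot: The `image:` line references the container by the mutable tag `:master`, so each pull can deploy different code to a service that is also listed under `public_endpoints`. Pinning to a release tag or a digest, `image: registry.git.autistici.org/ai3/tools/assetmon@sha256:<digest-placeholder>`, ties what runs to what was reviewed. If the repository's other services deliberately track `master`, a comment stating that would help. The same definition is repeated in the next file section and wants the same change.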
......@@ -267,3 +267,28 @@ acme:
systemd_services:
- acmeserver.service
assets:
num_instances: 1
scheduling_group: backend
service_credentials:
- name: assetmon
containers:
- name: http
image: registry.git.autistici.org/ai3/tools/assetmon:master
volumes:
- /etc/assetmon/server.yml: /etc/assetmon/server.yml
- /var/lib/assetmon: /var/lib/assetmon
ports:
- 3798
monitoring_endpoints:
- job_name: assets
port: 3798
scheme: https
public_endpoints:
- name: assets
port: 3798
scheme: https
datasets:
- name: db
path: /var/lib/assetmon
owner: docker-assets