No log

playbooks/clean_logs.yml

@@ -0,0 +1,29 @@
+---
+- name: Clean log directory
+  hosts: all
+  become: true
+  tasks:
+    - name: Find files in directory ending in .log or .log.tgz larger than 1GB
+      ansible.builtin.find:
+        paths: /var/log
+        patterns: 'testlog.*'
+        size: 1g
+      register: logfiles
+
+   #  - name: Copy files to archive server
+   #    ansible.builtin.copy:
+   #      src: "{{ item.path }}"
+   #      dest: "{{ archive_server_path }}/{{ item.path | basename }}"
+   #    delegate_to: "{{ archive_server }}"
+   #    loop: "{{ logfiles.files |flatten(levels=1) }}"
+
+    - name: Delete files
+      ansible.builtin.file:
+        path: "{{ item.path }}"
+        state: absent
+      loop: "{{ logfiles.files | flatten(levels=1) }}"
+      register: deleted_files
+
+    - name: Dump details on deletion
+      ansible.builtin.debug:
+        var: deleted_files

playbooks/install_appwrite.yml

@@ -47,10 +47,10 @@
     - name: Ensure appwrite image pulled from docker hub
       containers.podman.podman_image:
         name: docker.io/appwrite/appwrite
-        tag: 1.4.13
+        tag: 1.5.1
 
     - name: Ensure podman-compose.yml deployed
       ansible.builtin.copy:
-        src: podman-compose.yml
+        src: files/container-compose.yml
         dest: /home/ptoal/appwrite
         mode: '0644'

playbooks/install_nginx.yml

@@ -3,7 +3,10 @@
   hosts: all
   become: true
   tasks:
-
+    # This is incomplete
+    # - name: Certificates Installed
+    #   ansible.builtin.include_tasks:
+    #     file: upate_certificates.yml
     - name: Nginx Installed
       ansible.builtin.include_role:
         name: nginxinc.nginx_core.nginx

playbooks/investigate_high_cpu.yml

@@ -0,0 +1,62 @@
+---
+- name: Investigate High CPU
+  hosts: all
+  become: true
+  tasks:
+    - name: Gather information on top CPU consuming processes
+      ansible.builtin.command:
+        cmd: 'ps -eo pid,ppid,%mem,%cpu,cmd --sort=-%cpu'
+      register: processes_cpu
+      changed_when: false
+
+    - name: Gather information on top Memory consuming processes
+      ansible.builtin.command:
+        cmd: 'ps -eo pid,ppid,%mem,%cpu,cmd --sort=-%mem'
+      register: processes_mem
+      changed_when: false
+
+- name: Open Incident
+  hosts: all
+  tasks:
+    - name: Create Problem Template # noqa: no-relative-paths
+      ansible.builtin.template:
+        mode: '0644'
+        src: '../templates/cpuhog_ticket.j2'
+        dest: /tmp/cpuhog_details.txt
+      delegate_to: localhost
+
+    - name: Create SNow Incident
+      servicenow.itsm.incident:
+        instance: '{{ snow_instance }}'
+        state: new
+        caller: "admin"
+        short_description: "CPUHog event detected on: {{ ansible_eda.event.alert.labels.instance }}"
+        description: "A CPUHog was detected on: {{ ansible_eda.event.alert.labels.instance }} that needs to be investigated."
+        impact: high
+        urgency: high
+      delegate_to: localhost
+      register: incident_result
+
+    - name: Create SNow Problem
+      servicenow.itsm.problem:
+        instance: '{{ snow_instance }}'
+        state: new
+        short_description: "{{ alertmanager_annotations.summary }}"
+        description: "Generator URL: {{ alertmanager_generator_url }}"
+        impact: high
+        urgency: high
+        attachments:
+          - path: /tmp/cpuhog_details.txt
+            name: cpuhog_details.txt
+            type: 'text/plain'
+      register: problem_result
+      delegate_to: localhost
+
+    - name: Update Incident
+      servicenow.itsm.incident:
+        instance: '{{ snow_instance }}'
+        state: in_progress
+        number: "{{ incident_result.record.number }}"
+        other:
+          problem_id: "{{ problem_result.record.number }}"
+      delegate_to: localhost

playbooks/provision_users.yml

@@ -24,6 +24,7 @@
       register: appwrite_api_result
       loop: '{{ bab_users }}'
       delegate_to: localhost
+      no_log: true
 
     - name: Display response
       ansible.builtin.debug:

playbooks/update_certificates.yml

@@ -0,0 +1,51 @@
+---
+- name: Request and INstall Certs from Red Hat IdM
+  hosts: webservers
+  become: true
+
+  tasks:
+    - name: Ensure the IPA client and OpenSSL are installed
+      ansible.builtin.package:
+        name:
+          - ipa-client
+          - openssl
+        state: present
+
+    - name: Generate private key
+      community.crypto.openssl_privatekey:
+        path: "{{ key_path }}"
+        size: 2048
+
+    - name: Generate CSR
+      community.crypto.openssl_csr:
+        path: "{{ csr_path }}"
+        privatekey_path: "{{ key_path }}"
+        common_name: "{{ ansible_fqdn }}"
+        subject: "{{ cert_subject }}"
+        key_usage:
+          - digitalSignature
+          - keyEncipherment
+        extended_key_usage:
+          - serverAuth
+
+    - name: Request a certificate from IdM
+      redhat.rhel_idm.ipacert:
+        ipaadmin_password: "{{ ipa_admin_password }}"
+        csr_path: "{{ csr_path }}"
+        principal: "HTTP/{{ ansible_fqdn }}@{{ ipa_domain }}"
+        cert_profile: "HTTP_Server"
+        cert_out_path: "{{ cert_path }}"
+      register: cert_result
+
+    - name: Install the certificate
+      ansible.builtin.copy:
+        content: "{{ cert_result.certificate }}"
+        dest: "{{ cert_path }}"
+      notify:
+        - restart web server
+
+  handlers:
+    - name: restart web server
+      ansible.builtin.service:
+        name: httpd
+        state: restarted

rulebooks/alertmanager_listener.yml

@@ -4,17 +4,45 @@
   sources:
     - name: Ansible Alertmanager listener
       ansible.eda.alertmanager:
-        port: 9100
+        port: 9101
         host: 0.0.0.0
   rules:
-    - name: Run Template
+    - name: Resolve Disk Usage
       condition:
         all:
-          - event.payload.data.artifact_url is defined
-      action:
-        run_job_template:
-          name: bab-deploy-application
-          organization: OYS
-          job_args:
-            extra_vars:
-              artifact_url: "{{ event.payload.data.artifact_url }}"
+          - event.alert.labels.org == "OYS" and event.alert.status == "firing"
+            and event.alert.labels.alertname == "root filesystem over 80% full"
+      actions:
+        - run_job_template:
+            name: Demo - Clean Log Directory
+            organization: OYS
+            job_args:
+              extra_vars:
+                alertmanager_annotations: "{{ event.alert.annotations }}"
+                alertmanager_generator_url: "{{ event.alert.generatorURL }}"
+                event_mountpoint: "{{ event.alert.labels.mountpoint }}"
+                alertmanager_instance: "{{ event.alert.labels.instance }}"
+
+    - name: Investigate High CPU
+      condition:
+        all:
+          - event.alert.labels.org == "OYS" and event.alert.status == "firing"
+            and event.alert.labels.alertname == "ProcessCPUHog"
+      actions:
+        - print_event:
+            pretty: true
+        - run_job_template:
+            name: Demo - Investigate High CPU
+            organization: OYS
+            job_args:
+              extra_vars:
+                alertmanager_annotations: "{{ event.alert.annotations }}"
+                alertmanager_generator_url: "{{ event.alert.generatorURL }}"
+                event_severity: "{{ event.alert.labels.severity }}"
+                alertmanager_instance: "{{ event.alert.labels.instance }}"
+
+    - name: Test Contact Point
+      condition: event.alert.labels.alertname == "TestAlert" and event.alert.labels.org == "OYS"
+      actions:
+        - print_event:
+            pretty: true

templates/cpuhog_ticket.j2

@@ -0,0 +1,19 @@
+= CPUHog Report =
+A high CPU event was triggered from AlertManager.
+
+{% if ansible_eda is defined %}
+Annotations: "{{ ansible_eda.event.alert.annotations }}"
+Generator URL: "{{ ansible_eda.event.alert.generatorURL }}"
+Severity: "{{ ansible_eda.event.alert.labels.severity }}"
+Instance: "{{ ansible_eda.event.alert.labels.instance }}"
+{% endif %}
+
+** Top CPU Consumers **
+{% for line in processes_cpu.stdout_lines[0:10] %}
+{{ line }}
+{% endfor %}
+
+** Top Memory Consumers **
+{% for line in processes_mem.stdout_lines[0:10] %}
+{{ line }}
+{% endfor %}