ouranos/ansible/inventory/host_vars/prospero.incus.yml
Robert Helewka b4d60f2f38 docs: rewrite README with structured overview and quick start guide
Replaces the minimal project description with a comprehensive README
including a component overview table, quick start instructions, common
Ansible operations, and links to detailed documentation. Aligns with
Red Panda Approval™ standards.
2026-03-03 12:49:06 +00:00


---
# Prospero Configuration - PPLG Observability & Admin Stack
# Services: pplg (PgAdmin, Prometheus, Loki, Grafana + HAProxy + OAuth2-Proxy)
# plus alloy, which is listed next to pplg below.
# Host variables for prospero.incus. The credentials set in this file are
# Jinja references to vault_* variables defined elsewhere; no secret value is
# written here in clear text.
# NOTE(review): the vault_ prefix is a naming convention only - confirm the
# file that defines those variables is encrypted with Ansible Vault.
services:
- alloy
- pplg
# Alloy
# Log level string for the alloy service; how it is applied is decided by the
# role, which is not visible from this file.
alloy_log_level: "warn"
# ============================================================================
# PPLG HAProxy Configuration
# ============================================================================
# Service account for HAProxy, with a fixed numeric uid/gid of 800.
pplg_haproxy_user: haproxy
pplg_haproxy_group: haproxy
pplg_haproxy_uid: 800
pplg_haproxy_gid: 800
# Base domain; the Grafana and Casdoor URLs in this file are hosts under it.
pplg_haproxy_domain: "ouranos.helu.ca"
# NOTE(review): a HAProxy .pem normally bundles the certificate with its
# private key - confirm the role installs this file readable only by root
# and/or the haproxy account.
pplg_haproxy_cert_path: /etc/haproxy/certs/ouranos.pem
# NOTE(review): a stats listener discloses backend names and health state -
# confirm it is bound to a trusted interface or requires authentication.
pplg_haproxy_stats_port: 8404
# Port used for HAProxy syslog output; the receiver is not named in this file.
pplg_haproxy_syslog_port: 51405
# ============================================================================
# Grafana
# ============================================================================
# Grafana Datasources
# Display name, host, port and fixed UID for each datasource. Both point at
# prospero.incus; no URL scheme is set here, so http vs https is decided by
# the role.
prometheus_datasource_name: Prospero-Prometheus
prometheus_host: prospero.incus
# 9090 is distinct from prometheus_proxy_port (the OAuth2-Proxy sidecar).
# NOTE(review): anything that can reach 9090 directly does not pass through
# the sidecar - confirm 9090 is reachable only by Grafana and local services.
prometheus_port: 9090
prometheus_datasource_uid: prospero-prometheus
loki_datasource_name: Prospero-Loki
loki_host: prospero.incus
loki_port: 3100
loki_datasource_uid: prospero-loki
# Grafana Users
# Two local Grafana accounts (admin and viewer); name, login and password all
# come from vault_* variables.
# NOTE(review): these local logins exist alongside the Casdoor SSO settings in
# this file - confirm whether password login should stay enabled for them and
# that the admin password is rotated independently of SSO.
grafana_admin_name: "{{ vault_grafana_admin_name }}"
grafana_admin_login: "{{ vault_grafana_admin_login }}"
grafana_admin_password: "{{ vault_grafana_admin_password }}"
grafana_viewer_name: "{{ vault_grafana_viewer_name }}"
grafana_viewer_login: "{{ vault_grafana_viewer_login }}"
grafana_viewer_password: "{{ vault_grafana_viewer_password }}"
# Grafana OAuth (Casdoor SSO)
# OAuth client settings for Grafana. The authorize, token and userinfo
# endpoints are all https URLs on id.ouranos.helu.ca.
grafana_oauth_enabled: true
grafana_oauth_name: "Casdoor"
# Client id and secret are vault references; the secret must never be logged
# or written to a world-readable rendered config.
grafana_oauth_client_id: "{{ vault_grafana_oauth_client_id }}"
grafana_oauth_client_secret: "{{ vault_grafana_oauth_client_secret }}"
grafana_oauth_auth_url: "https://id.ouranos.helu.ca/login/oauth/authorize"
grafana_oauth_token_url: "https://id.ouranos.helu.ca/api/login/oauth/access_token"
grafana_oauth_api_url: "https://id.ouranos.helu.ca/api/userinfo"
grafana_oauth_scopes: "openid profile email"
# Presumably rendered into Grafana's root_url, from which the OAuth redirect
# URI is derived - it has to match the callback registered in Casdoor.
grafana_root_url: "https://grafana.ouranos.helu.ca"
# NOTE(review): with sign-up allowed, a first successful SSO login presumably
# creates a Grafana account. No role-mapping variable is set in this file, so
# the role such a user receives depends on defaults elsewhere - confirm it is
# the least-privileged one and that Casdoor restricts who may use this client.
grafana_oauth_allow_sign_up: true
# false keeps TLS certificate verification on for calls to the identity
# provider; leave it that way.
grafana_oauth_skip_tls_verify: false
# ============================================================================
# Prometheus
# ============================================================================
# Service account, global scrape/evaluation intervals, the Alertmanager
# endpoint and the static list of scrape targets.
prometheus_user: prometheus
prometheus_group: prometheus
prometheus_scrape_interval: 15s
prometheus_evaluation_interval: 15s
alertmanager_host: prospero.incus
alertmanager_port: 9093
# Same value as loki_port (3100).
loki_metrics_port: 3100
# Targets are bare host:port strings. 9100 is the conventional node_exporter
# port; puck.incus:25571 is a second endpoint on that host whose exporter is
# not named in this file.
# NOTE(review): no scheme or credentials appear here - confirm whether scrapes
# run over plain HTTP and, if so, that these ports are reachable only from
# prospero.incus.
prometheus_targets:
- 'oberon.incus:9100'
- 'portia.incus:9100'
- 'ariel.incus:9100'
- 'puck.incus:9100'
- 'puck.incus:25571'
- 'miranda.incus:9100'
- 'sycorax.incus:9100'
- 'prospero.incus:9100'
- 'rosalind.incus:9100'
# Prometheus OAuth2-Proxy Sidecar
# oauth2-proxy instance in front of Prometheus: its listen port, config
# directory, pinned release and OIDC client settings.
prometheus_proxy_port: 9091
prometheus_oauth2_proxy_dir: /etc/oauth2-proxy-prometheus
# Quoted so the version stays a string.
# NOTE(review): this pin only moves when edited by hand - check it against the
# oauth2-proxy security advisories when updating, and confirm the role
# verifies the checksum of the release it downloads.
prometheus_oauth2_proxy_version: "7.6.0"
prometheus_oauth2_oidc_issuer_url: "https://id.ouranos.helu.ca"
prometheus_oauth2_client_id: "{{ vault_prometheus_oauth2_client_id }}"
prometheus_oauth2_client_secret: "{{ vault_prometheus_oauth2_client_secret }}"
# oauth2-proxy requires a cookie secret of 16, 24 or 32 bytes. Anyone holding
# it can forge session cookies, so treat it like the client secret and rotate
# both together if either is exposed.
prometheus_oauth2_cookie_secret: "{{ vault_prometheus_oauth2_cookie_secret }}"
# ============================================================================
# Alertmanager
# ============================================================================
# Alertmanager runs under the same prometheus user/group that
# prometheus_user and prometheus_group name.
alertmanager_user: prometheus
alertmanager_group: prometheus
# Alert grouping and repeat timers.
alertmanager_resolve_timeout: 5m
alertmanager_group_wait: 30s
alertmanager_group_interval: 5m
alertmanager_repeat_interval: 4h
# Pushover credentials come from vault_* variables.
# NOTE(review): these presumably end up in the rendered Alertmanager config -
# confirm that file is not world-readable.
pushover_user_key: "{{ vault_pushover_user_key }}"
pushover_api_token: "{{ vault_pushover_api_token }}"
# NOTE(review): Pushover applies retry/expire only to emergency priority (2);
# with priority 1 the two values below appear to have no effect - confirm
# which priority is intended.
pushover_priority: 1
pushover_retry: 30
pushover_expire: 3600
# ============================================================================
# Loki
# ============================================================================
# Service account, data and config locations, and the gRPC port for Loki.
# The HTTP port is set separately as loki_port.
loki_user: loki
loki_group: loki
# NOTE(review): stored logs can contain sensitive request data - confirm the
# role creates this directory owned by loki and not world-readable.
loki_data_dir: /var/lib/loki
loki_config_dir: /etc/loki
loki_config_file: config.yml
# NOTE(review): confirm the gRPC port is not exposed beyond this host if it
# is only used between local Loki components.
loki_grpc_port: 9096
# ============================================================================
# PgAdmin (Gunicorn - no Apache)
# ============================================================================
# Service account, listen port and directories for pgAdmin.
pgadmin_user: pgadmin
pgadmin_group: pgadmin
pgadmin_port: 5050
# NOTE(review): pgAdmin keeps its configuration database under its data
# directory, and it can hold saved server connections - confirm the role
# restricts this path to the pgadmin account.
pgadmin_data_dir: /var/lib/pgadmin
pgadmin_log_dir: /var/log/pgadmin
# Local pgAdmin login (email + password), both vault references.
# NOTE(review): this login exists alongside the OAuth client below - confirm
# whether internal authentication should remain enabled once SSO works.
pgadmin_email: "{{ vault_pgadmin_email }}"
pgadmin_password: "{{ vault_pgadmin_password }}"
# PgAdmin OAuth (Casdoor SSO)
# Only the client id and secret are set here; the provider endpoints are not
# defined in this block.
pgadmin_oauth_client_id: "{{ vault_pgadmin_oauth_client_id }}"
pgadmin_oauth_client_secret: "{{ vault_pgadmin_oauth_client_secret }}"
# ============================================================================
# Casdoor Metrics (for Prometheus scraping)
# ============================================================================
# Host and port of the Casdoor metrics endpoint, plus the access key/secret
# pair used for the scrape; both credentials are vault references.
casdoor_metrics_host: "titania.incus"
casdoor_metrics_port: 22081
# NOTE(review): these credentials presumably land in the rendered Prometheus
# scrape config - confirm that file is readable only by the prometheus
# account, and that the key is scoped to metrics access rather than to
# Casdoor administration.
casdoor_prometheus_access_key: "{{ vault_casdoor_prometheus_access_key }}"
casdoor_prometheus_access_secret: "{{ vault_casdoor_prometheus_access_secret }}"