ouranos/ansible/inventory/host_vars/prospero.incus.yml
Robert Helewka 0f21380fd0 refactor: remove HAProxy from Prospero, centralize TLS on Titania
Move TLS termination and reverse proxying entirely to Titania's
HAProxy, eliminating the redundant HAProxy instance on Prospero.
Backends now communicate over plain HTTP within the internal network.

- Remove HAProxy container, config, certs, and syslog from Prospero
- Remove ssl_backend flags from Titania backend definitions
- Replace pplg_haproxy_* vars with single pplg_domain variable
- Remove HAProxy syslog source from Alloy config
- Update OAuth2-Proxy to listen on all interfaces for Titania access
2026-04-08 17:57:09 +00:00


---
# Prospero Configuration - PPLG Observability & Admin Stack
# Services: pplg (PgAdmin, Prometheus, Loki, Grafana + OAuth2-Proxy)
#
# Ansible host_vars for prospero.incus. Every credential below is a
# "{{ vault_* }}" reference; no secret is stored as a literal in this file.
ansible_user: robert
# Roles/services applied to this host.
services:
- alloy
- pplg
# Alloy
alloy_log_level: "warn"
# ============================================================================
# PPLG Domain (TLS termination handled by Titania HAProxy)
# ============================================================================
# Base public domain for the PPLG services. This host no longer terminates
# TLS itself; Titania's HAProxy does, and reaches the services here over
# plain HTTP on the internal network (that network is the trust boundary).
pplg_domain: "ouranos.helu.ca"
# ============================================================================
# Grafana
# ============================================================================
# Grafana Datasources
# Both datasources point at services on this same host (prospero.incus);
# ports match prometheus_port/loki_port used by the services below.
prometheus_datasource_name: Prospero-Prometheus
prometheus_host: prospero.incus
prometheus_port: 9090
prometheus_datasource_uid: prospero-prometheus
loki_datasource_name: Prospero-Loki
loki_host: prospero.incus
loki_port: 3100
loki_datasource_uid: prospero-loki
# Grafana Users
# Local admin and read-only viewer accounts; all values are vault-sourced.
grafana_admin_name: "{{ vault_grafana_admin_name }}"
grafana_admin_login: "{{ vault_grafana_admin_login }}"
grafana_admin_password: "{{ vault_grafana_admin_password }}"
grafana_viewer_name: "{{ vault_grafana_viewer_name }}"
grafana_viewer_login: "{{ vault_grafana_viewer_login }}"
grafana_viewer_password: "{{ vault_grafana_viewer_password }}"
# Grafana OAuth (Casdoor SSO)
grafana_oauth_enabled: true
grafana_oauth_name: "Casdoor"
grafana_oauth_client_id: "{{ vault_grafana_oauth_client_id }}"
grafana_oauth_client_secret: "{{ vault_grafana_oauth_client_secret }}"
# Casdoor endpoints are reached over HTTPS; the issuer host is the same one
# used by the Prometheus OAuth2-Proxy sidecar further down.
grafana_oauth_auth_url: "https://id.ouranos.helu.ca/login/oauth/authorize"
grafana_oauth_token_url: "https://id.ouranos.helu.ca/api/login/oauth/access_token"
grafana_oauth_api_url: "https://id.ouranos.helu.ca/api/userinfo"
grafana_oauth_scopes: "openid profile email"
# NOTE(review): repeats the domain held in pplg_domain; could be derived as
# "https://grafana.{{ pplg_domain }}" to keep a single source of truth.
grafana_root_url: "https://grafana.ouranos.helu.ca"
# NOTE(review): true lets any identity Casdoor authenticates create a Grafana
# account on first login — presumably intended; confirm the default role it
# receives is the viewer role, not admin.
grafana_oauth_allow_sign_up: true
# Keep false so Grafana verifies Casdoor's certificate on the URLs above.
grafana_oauth_skip_tls_verify: false
# ============================================================================
# Prometheus
# ============================================================================
prometheus_user: prometheus
prometheus_group: prometheus
prometheus_scrape_interval: 15s
prometheus_evaluation_interval: 15s
alertmanager_host: prospero.incus
alertmanager_port: 9093
loki_metrics_port: 3100
# Scrape targets as host:port strings (quoted so the ":" is never parsed as
# a mapping separator).
prometheus_targets:
- 'oberon.incus:9100'
- 'portia.incus:9100'
- 'ariel.incus:9100'
- 'puck.incus:9100'
- 'puck.incus:25571'
- 'miranda.incus:9100'
- 'sycorax.incus:9100'
- 'prospero.incus:9100'
- 'rosalind.incus:9100'
# Prometheus OAuth2-Proxy Sidecar
# The sidecar listens on prometheus_proxy_port in front of Prometheus
# (prometheus_port above). Its bind address is not set in this file;
# NOTE(review): with Titania now reaching it directly, confirm that only
# Titania / the internal network can reach this port.
prometheus_proxy_port: 9091
prometheus_oauth2_proxy_dir: /etc/oauth2-proxy-prometheus
prometheus_oauth2_proxy_version: "7.6.0"
prometheus_oauth2_oidc_issuer_url: "https://id.ouranos.helu.ca"
prometheus_oauth2_client_id: "{{ vault_prometheus_oauth2_client_id }}"
prometheus_oauth2_client_secret: "{{ vault_prometheus_oauth2_client_secret }}"
# Cookie-signing secret for the sidecar's session cookie; vault-sourced.
prometheus_oauth2_cookie_secret: "{{ vault_prometheus_oauth2_cookie_secret }}"
# ============================================================================
# Alertmanager
# ============================================================================
# Runs under the same account as Prometheus.
alertmanager_user: prometheus
alertmanager_group: prometheus
alertmanager_resolve_timeout: 5m
alertmanager_group_wait: 30s
alertmanager_group_interval: 5m
alertmanager_repeat_interval: 4h
# Pushover notification credentials (vault) and delivery parameters.
pushover_user_key: "{{ vault_pushover_user_key }}"
pushover_api_token: "{{ vault_pushover_api_token }}"
pushover_priority: 1
pushover_retry: 30
pushover_expire: 3600
# ============================================================================
# Loki
# ============================================================================
loki_user: loki
loki_group: loki
loki_data_dir: /var/lib/loki
loki_config_dir: /etc/loki
loki_config_file: config.yml
# gRPC port is separate from the HTTP port used by loki_port/loki_metrics_port.
loki_grpc_port: 9096
# ============================================================================
# PgAdmin (Gunicorn - no Apache)
# ============================================================================
pgadmin_user: pgadmin
pgadmin_group: pgadmin
pgadmin_port: 5050
pgadmin_data_dir: /var/lib/pgadmin
pgadmin_log_dir: /var/log/pgadmin
# Initial PgAdmin login; vault-sourced.
pgadmin_email: "{{ vault_pgadmin_email }}"
pgadmin_password: "{{ vault_pgadmin_password }}"
# PgAdmin OAuth (Casdoor SSO)
pgadmin_oauth_client_id: "{{ vault_pgadmin_oauth_client_id }}"
pgadmin_oauth_client_secret: "{{ vault_pgadmin_oauth_client_secret }}"
# ============================================================================
# Casdoor Metrics (for Prometheus scraping)
# ============================================================================
# Casdoor runs on Titania; these credentials let Prometheus here scrape its
# metrics endpoint. Both key and secret are vault-sourced.
casdoor_metrics_host: "titania.incus"
casdoor_metrics_port: 22081
casdoor_prometheus_access_key: "{{ vault_casdoor_prometheus_access_key }}"
casdoor_prometheus_access_secret: "{{ vault_casdoor_prometheus_access_secret }}"