Dustin C. Hatch
19009bde1a
Promtail is the log sending client for Grafana Loki. For traditional Linux systems, an RPM package is available from upstream, making installation fairly simple. Configuration is stored in a YAML file, so again, it's straightforward to configure via Ansible variables. Really, the only interesting step is adding the _promtail_ user, which is created by the RPM package, to the _systemd-journal_ group, so that Promtail can read the systemd journal files.
103 lines
2.5 KiB
YAML
103 lines
2.5 KiB
YAML
sshca_url: https://sshca.pyrocufflink.blue
|
|
ssh_trusted_user_ca_keys: >-
|
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINyi18IfxAf9wLnyffnMrThYpqxVwu0rsuiLoqW6rcwF sshca.pyrocufflink.blue
|
|
|
|
certbot_account_email: dustin@hatch.name
|
|
smtp:
|
|
mode: relay
|
|
host: mail.pyrocufflink.blue
|
|
|
|
dch_networks:
|
|
jazz:
|
|
description: Legacy network
|
|
vlan_id: 1
|
|
ipv4_address: 172.31.0.0/27
|
|
router_iface: vlan1
|
|
dns_search:
|
|
- pyrocufflink.jazz
|
|
dns_servers:
|
|
- fd99:8cd7:6528:fe1e::4:1
|
|
- fd99:8cd7:6528:fe1e::3:1
|
|
dns_servers_v4:
|
|
- 172.30.0.4
|
|
sla_id: 1
|
|
ntp_servers:
|
|
- tyrande.pyrocufflink.jazz
|
|
|
|
mgmt:
|
|
description: Management network
|
|
vlan_id: 10
|
|
router_iface: vlan10
|
|
ipv4_address: 172.30.0.240/28
|
|
ntp_servers:
|
|
- dc0.pyrocufflink.blue
|
|
dns_servers_v4:
|
|
- 172.30.0.4
|
|
|
|
blue:
|
|
description: pyrocufflink.blue AD domain members only
|
|
vlan_id: 30
|
|
ipv4_address: 172.30.0.0/26
|
|
ipv6_address: fd99:8cd7:6528:fe1e::/64
|
|
router_iface: vlan30
|
|
dns_search:
|
|
- pyrocufflink.blue
|
|
dns_servers:
|
|
- fd99:8cd7:6528:fe1e::4:1
|
|
- fd99:8cd7:6528:fe1e::3:1
|
|
dns_servers_v4:
|
|
- 172.30.0.4
|
|
sla_id: 30
|
|
ntp_servers:
|
|
- dc0.pyrocufflink.blue
|
|
|
|
red:
|
|
description: Non-domain member machines
|
|
vlan_id: 101
|
|
ipv4_address: 172.31.1.0/24
|
|
router_iface: vlan101
|
|
dns_servers:
|
|
- fd99:8cd7:6528:fe1e::4:1
|
|
- fd99:8cd7:6528:fe1e::3:1
|
|
dns_servers_v4:
|
|
- 172.30.0.4
|
|
sla_id: 101
|
|
ntp_servers:
|
|
- dc0.pyrocufflink.blue
|
|
|
|
guest:
|
|
description: Guest Wi-Fi
|
|
vlan_id: 100
|
|
ipv4_address: 172.24.100.0/24
|
|
router_iface: vlan100
|
|
|
|
dmz:
|
|
description: DMZ
|
|
vlan_id: 254
|
|
router_iface: vlan254
|
|
|
|
|
|
firemon_networks:
|
|
- 192.168.0.0/16
|
|
- 172.16.0.0/20
|
|
- 172.24.16.0/20
|
|
- 172.28.33.0/24
|
|
- 10.64.11.0/24
|
|
|
|
promtail_clients:
|
|
- url: https://loki.pyrocufflink.blue/loki/api/v1/push
|
|
tls_config:
|
|
ca_file: /etc/promtail/ca.crt
|
|
promtail_ca: |
|
|
-----BEGIN CERTIFICATE-----
|
|
MIIBgTCCATOgAwIBAgIUTf/ZBSJEi8IQb8Ndoxp4/tHB/lcwBQYDK2VwMEAxCzAJ
|
|
BgNVBAYTAlVTMRgwFgYDVQQKDA9EdXN0aW4gQy4gSGF0Y2gxFzAVBgNVBAMMDkRD
|
|
SCBSb290IENBIFIzMB4XDTI0MDIxNzIwMjkzNloXDTM0MDIxNzIwMjkzNlowQDEL
|
|
MAkGA1UEBhMCVVMxGDAWBgNVBAoMD0R1c3RpbiBDLiBIYXRjaDEXMBUGA1UEAwwO
|
|
RENIIFJvb3QgQ0EgUjMwKjAFBgMrZXADIQDORylVcWcxwGDJvsJIc2NctfNfDaIU
|
|
T6mLebahKdshaKM/MD0wHQYDVR0OBBYEFLZoxAHBvWqbLWMga/DAAlG9ido5MA8G
|
|
A1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMAUGAytlcANBANLV79joVd9s9bmL
|
|
0a91HqvOotOnN/416Ek4UTl95jIqy/TvTfRjXX56wSALXqP1iYQM5i3zk3gVEhh4
|
|
DaY+6wQ=
|
|
-----END CERTIFICATE-----
|