Double timeouts for monitoring (#74)

We're getting excessive warnings. I've pulled these numbers out of thin air, opinions welcome. --------- Co-authored-by: Daniel Matthews <[email protected]>
UCL-MIRSG · Feb 16, 2024 · 3a09e67 · 3a09e67
1 parent e8bb00a
commit 3a09e67
Show file tree

Hide file tree

Showing 22 changed files with 70 additions and 31 deletions.
diff --git a/.ansible-lint b/.ansible-lint
@@ -1,3 +1,4 @@
+---
 warn_list:
   - no-handler
   - galaxy[no-changelog]

diff --git a/.github/workflows/add-issue-to-project.yml b/.github/workflows/add-issue-to-project.yml
@@ -1,5 +1,6 @@
 name: Add issue to project
 
+# yamllint disable-line rule:truthy
 on:
   issues:
     types:

diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml
@@ -1,5 +1,6 @@
 name: Linting
 
+# yamllint disable-line rule:truthy
 on:
   push:
     branches:

diff --git a/.github/workflows/molecule-firewalld.yml b/.github/workflows/molecule-firewalld.yml
@@ -1,4 +1,7 @@
+---
 name: Test firewalld
+
+# yamllint disable-line rule:truthy
 on:
   pull_request:
     paths:

diff --git a/.github/workflows/molecule-install-xnat.yml b/.github/workflows/molecule-install-xnat.yml
@@ -1,4 +1,6 @@
 name: Test install_xnat playbook
+
+# yamllint disable-line rule:truthy
 on:
   pull_request:
     paths:

diff --git a/.github/workflows/molecule-monitoring.yml b/.github/workflows/molecule-monitoring.yml
@@ -1,4 +1,7 @@
+---
 name: Test install_monitoring playbook
+
+# yamllint disable-line rule:truthy
 on:
   pull_request:
     paths:

diff --git a/.github/workflows/molecule-nginx.yml b/.github/workflows/molecule-nginx.yml
@@ -1,4 +1,7 @@
+---
 name: Test nginx
+
+# yamllint disable-line rule:truthy
 on:
   pull_request:
     paths:

diff --git a/.github/workflows/molecule-postgresql.yml b/.github/workflows/molecule-postgresql.yml
@@ -1,4 +1,7 @@
+---
 name: Test PostgreSQL
+
+# yamllint disable-line rule:truthy
 on:
   pull_request:
     paths:

diff --git a/.github/workflows/molecule-provision.yml b/.github/workflows/molecule-provision.yml
@@ -1,4 +1,7 @@
+---
 name: Test provision
+
+# yamllint disable-line rule:truthy
 on:
   pull_request:
     paths:

diff --git a/.github/workflows/molecule-provision_accounts.yml b/.github/workflows/molecule-provision_accounts.yml
@@ -1,4 +1,7 @@
+---
 name: Test provision_accounts
+
+# yamllint disable-line rule:truthy
 on:
   pull_request:
     paths:

diff --git a/.github/workflows/molecule-python.yml b/.github/workflows/molecule-python.yml
@@ -1,4 +1,7 @@
+---
 name: Test Python
+
+# yamllint disable-line rule:truthy
 on:
   pull_request:
     paths:

diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml
@@ -1,4 +1,7 @@
+---
 name: Test with Molecule
+
+# yamllint disable-line rule:truthy
 on:
   workflow_call:
     inputs:

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,5 +1,6 @@
+---
 repos:
   - repo: https://github.com/UCL-MIRSG/.github
-    rev: v0.40.0
+    rev: v0.47.0
     hooks:
       - id: mirsg-hooks
diff --git a/.renovaterc.json b/.renovaterc.json
@@ -36,15 +36,15 @@
   "customManagers": [
     {
       "customType": "regex",
-      "description": "Update Tomcat version specfied in playbooks/group_vars/web.yml",
+      "description": "Update Tomcat version specified in playbooks/group_vars/web.yml",
       "fileMatch": ["(^|/)*web.yml$"],
       "matchStrings": ["tomcat_version:\\s?(?<currentValue>.*?)\\n"],
       "depNameTemplate": "org.apache.tomcat:tomcat",
       "datasourceTemplate": "maven"
     },
     {
       "customType": "regex",
-      "description": "Update XNAT version specfied in roles/xnat/defaults/main.yml",
+      "description": "Update XNAT version specified in roles/xnat/defaults/main.yml",
       "fileMatch": ["(^|/)*defaults/main.yml$"],
       "matchStrings": ["xnat_version:\\s?(?<currentValue>.*?)\\n"],
       "depNameTemplate": "xnatdev/xnat-web",
@@ -53,79 +53,79 @@
     },
     {
       "customType": "regex",
-      "description": "Update XNAT-sync plugin version specfied in roles/xnat/defaults/main.yml",
+      "description": "Update XNAT-sync plugin version specified in roles/xnat/defaults/main.yml",
       "fileMatch": ["roles/xnat/defaults/main.yml$"],
       "matchStrings": ["xsync-plugin-all-(?<currentValue>.*?).jar"],
       "depNameTemplate": "xnatdev/xsync",
       "datasourceTemplate": "bitbucket-tags"
     },
     {
       "customType": "regex",
-      "description": "Update XNAT ldap-auth plugin version specfied in roles/xnat/defaults/main.yml",
+      "description": "Update XNAT ldap-auth plugin version specified in roles/xnat/defaults/main.yml",
       "fileMatch": ["roles/xnat/defaults/main.yml$"],
       "matchStrings": ["ldap-auth-plugin-(?<currentValue>.*?).jar"],
       "depNameTemplate": "xnatx/ldap-auth-plugin",
       "datasourceTemplate": "bitbucket-tags"
     },
     {
       "customType": "regex",
-      "description": "Update XNAT Container Service plugin version specfied in roles/xnat/defaults/main.yml",
+      "description": "Update XNAT Container Service plugin version specified in roles/xnat/defaults/main.yml",
       "fileMatch": ["roles/xnat/defaults/main.yml$"],
       "matchStrings": ["container-service-(?<currentValue>.*?)-fat.jar"],
       "depNameTemplate": "xnatdev/container-service",
       "datasourceTemplate": "bitbucket-tags"
     },
     {
       "customType": "regex",
-      "description": "Update XNAT batch launch plugin version specfied in roles/xnat/defaults/main.yml",
+      "description": "Update XNAT batch launch plugin version specified in roles/xnat/defaults/main.yml",
       "fileMatch": ["roles/xnat/defaults/main.yml$"],
       "matchStrings": ["batch-launch-(?<currentValue>.*?).jar"],
       "depNameTemplate": "xnatx/xnatx-batch-launch-plugin",
       "datasourceTemplate": "bitbucket-tags"
     },
     {
       "customType": "regex",
-      "description": "Update XNAT dax plugin specfied in roles/xnat/defaults/main.yml",
+      "description": "Update XNAT dax plugin specified in roles/xnat/defaults/main.yml",
       "fileMatch": ["roles/xnat/defaults/main.yml$"],
       "matchStrings": ["dax-plugin-genProcData-(?<currentValue>.*?).jar"],
       "depNameTemplate": "VUIIS/dax",
       "datasourceTemplate": "custom.VUIIS-dax"
     },
     {
       "customType": "regex",
-      "description": "Update OHIF Viewer plugin version specfied in roles/xnat/defaults/main.yml",
+      "description": "Update OHIF Viewer plugin version specified in roles/xnat/defaults/main.yml",
       "fileMatch": ["roles/xnat/defaults/main.yml$"],
       "matchStrings": ["ohif-viewer-(?<currentValue>.*?).jar"],
       "depNameTemplate": "icrimaginginformatics/ohif-viewer-xnat-plugin",
       "datasourceTemplate": "bitbucket-tags"
     },
     {
       "customType": "regex",
-      "description": "Update XNAT ML plugin version specfied in roles/xnat/defaults/main.yml",
+      "description": "Update XNAT ML plugin version specified in roles/xnat/defaults/main.yml",
       "fileMatch": ["roles/xnat/defaults/main.yml$"],
       "matchStrings": ["ml-plugin-(?<currentValue>.*?).jar"],
       "depNameTemplate": "xnatx/ml-plugin",
       "datasourceTemplate": "bitbucket-tags"
     },
     {
       "customType": "regex",
-      "description": "Update XNAT datasets plugin version specfied in roles/xnat/defaults/main.yml",
+      "description": "Update XNAT datasets plugin version specified in roles/xnat/defaults/main.yml",
       "fileMatch": ["roles/xnat/defaults/main.yml$"],
       "matchStrings": ["datasets-plugin-(?<currentValue>.*?).jar"],
       "depNameTemplate": "xnatx/datasets-plugin",
       "datasourceTemplate": "bitbucket-tags"
     },
     {
       "customType": "regex",
-      "description": "Update XNAT image viewer plugin version specfied in roles/xnat/defaults/main.yml",
+      "description": "Update XNAT image viewer plugin version specified in roles/xnat/defaults/main.yml",
       "fileMatch": ["roles/xnat/defaults/main.yml$"],
       "matchStrings": ["ximgview-plugin(?<currentValue>.*?).jar"],
       "depNameTemplate": "xnatdev/xnat-image-viewer-plugin",
       "datasourceTemplate": "bitbucket-tags"
     },
     {
       "customType": "regex",
-      "description": "Update XNAT dxm plugin version specfied in roles/xnat/defaults/main.yml",
+      "description": "Update XNAT dxm plugin version specified in roles/xnat/defaults/main.yml",
       "fileMatch": ["roles/xnat/defaults/main.yml$"],
       "matchStrings": ["dxm-settings-plugin-(?<currentValue>.*?).jar"],
       "depNameTemplate": "xnatx/xnatx-dxm-settings-plugin",
@@ -134,7 +134,7 @@
     },
     {
       "customType": "regex",
-      "description": "Update XNAT pipeline version specfied in roles/xnat/defaults/main.yml",
+      "description": "Update XNAT pipeline version specified in roles/xnat/defaults/main.yml",
       "fileMatch": ["(^|/)*defaults/main.yml$"],
       "matchStrings": ["xnat_pipeline_version:\\s?(?<currentValue>.*?)\\n"],
       "depNameTemplate": "NrgXnat/xnat-pipeline-engine",

diff --git a/roles/install_python/tasks/check_default_version.yml b/roles/install_python/tasks/check_default_version.yml
@@ -2,15 +2,21 @@
 - name: Check if Python 2 is the default version for the OS
   ansible.builtin.set_fact:
     default_python_version: "2"
-  when: >
-    (ansible_os_family == 'RedHat') and (ansible_distribution_major_version | int < 8) or
-    (ansible_distribution == 'Debian') and (ansible_distribution_major_version | int < 10) or
-    (ansible_distribution == 'Ubuntu') and (ansible_distribution_major_version | int < 18)
+  when: >-
+    (ansible_os_family == 'RedHat') and
+    (ansible_distribution_major_version | int < 8) or
+    (ansible_distribution == 'Debian') and
+    (ansible_distribution_major_version | int < 10) or
+    (ansible_distribution == 'Ubuntu') and
+    (ansible_distribution_major_version | int < 18)
 
 - name: Check if Python 3 is the default version for the OS
   ansible.builtin.set_fact:
     default_python_version: "3"
-  when: >
-    (ansible_os_family == 'RedHat') and (ansible_distribution_major_version | int >= 8) or
-    (ansible_distribution == 'Debian') and (ansible_distribution_major_version | int >= 10) or
-    (ansible_distribution == 'Ubuntu') and (ansible_distribution_major_version | int >= 18)
+  when: >-
+    (ansible_os_family == 'RedHat') and
+    (ansible_distribution_major_version | int >= 8) or
+    (ansible_distribution == 'Debian') and
+    (ansible_distribution_major_version | int >= 10) or
+    (ansible_distribution == 'Ubuntu') and
+    (ansible_distribution_major_version | int >= 18)
diff --git a/roles/monitoring_server/handlers/main.yml b/roles/monitoring_server/handlers/main.yml
@@ -1,3 +1,4 @@
+---
 - name: Restart prometheus
   community.docker.docker_container:
     name: "{{ monitoring_server_prometheus.container_name }}"

diff --git a/roles/monitoring_server/templates/prometheus_rules.yml.j2 b/roles/monitoring_server/templates/prometheus_rules.yml.j2
@@ -3,7 +3,7 @@ groups:
     rules:
       - alert: SSLCertExpiringSoon
         expr: probe_ssl_earliest_cert_expiry - time() < 60 * 60 * 24 * 14
-        for: 1m
+        for: 2m
         labels:
           severity: warning
         annotations:
@@ -13,7 +13,7 @@ groups:
     rules:
       - alert: EndpointDown
         expr: probe_success == 0
-        for: 1m
+        for: 5m
         labels:
           severity: critical
         annotations:
@@ -40,17 +40,17 @@ groups:
           description: "Instance memory usage more than 90% within 5 minutes, value:{{ $labels.value }}%"
 
       - alert: CpuLoadHigh
-        expr: 100 - avg by(instance)(rate(node_cpu_seconds_total{mode="idle"}[5m]))*100 > 90
+        expr: 100 - avg by(instance)(rate(node_cpu_seconds_total{mode="idle"}[10m]))*100 > 90
         for: 0m
         labels:
           severity: warning
         annotations:
           summary: Instance cpu load high (Instance:{{ $labels.instance }})
-          description: "Instance cpu load more than 90% within 5 minutes, value: {{ $labels.value }}%"
+          description: "Instance cpu load more than 90% within 10 minutes, value: {{ $labels.value }}%"
 
       - alert: FilesystemFull
         expr: 100 - node_filesystem_free_bytes{mountpoint!~"/*|/boot.*|/run.*"}/node_filesystem_size_bytes*100 > 90
-        for: 5m
+        for: 10m
         labels:
           severity: warning
         annotations:

diff --git a/roles/nginx/molecule/resources/files/app.py b/roles/nginx/molecule/resources/files/app.py
@@ -2,6 +2,7 @@
 
 app = Flask(__name__)
 
+
 @app.route("/")
 def index():
     return "<h1>Hello World!</h1>"
diff --git a/roles/postgresql/molecule/centos7/molecule.yml b/roles/postgresql/molecule/centos7/molecule.yml
@@ -1,3 +1,4 @@
 ---
 # test this scenario from the roles/postgresql directory with the command
-# molecule --base-config ../../molecule_configs/centos7_base_config.yml test --scenario centos7
+# molecule --base-config ../../molecule_configs/centos7_base_config.yml
+# test --scenario centos7
diff --git a/roles/provision_accounts/README.md b/roles/provision_accounts/README.md
@@ -10,7 +10,7 @@ There are several variables that **must be set** to use this role.
 containing:
 
 - `username`: The name of the user
-- `crypted_password`: Encrypted user password.
+- `encrypted_password`: Encrypted user password.
 
 `os_user_groups`: OS groups the user should belong to expressed as a single
 string with commas separating each group.

diff --git a/roles/provision_accounts/molecule/resources/inventory/group_vars/all.yml b/roles/provision_accounts/molecule/resources/inventory/group_vars/all.yml
@@ -2,6 +2,6 @@
 # mirsg.infrastructure.provision_accounts
 os_users:
   - username: test-user
-    crypted_password: $6$TSoIGqmpZJw24vqP$lrhHcIeuv3oi8kpBu3SVyqPeTLuXi5TJf5u7hUOY0vRb4MXWTp1Z/gsjAwC28EQrVnKOJwpw00tN8ExM6AoIC.
+    encrypted_password: $6$TSoIGqmpZJw24vqP$lrhHcIeuv3oi8kpBu3SVyqPeTLuXi5TJf5u7hUOY0vRb4MXWTp1Z/gsjAwC28EQrVnKOJwpw00tN8ExM6AoIC.
 
 os_users_groups: "wheel"
diff --git a/roles/provision_accounts/tasks/main.yml b/roles/provision_accounts/tasks/main.yml
@@ -6,6 +6,6 @@
     state: present
     groups: "{{ os_users_groups }}"
     append: true
-    password: "{{ item.crypted_password }}"
+    password: "{{ item.encrypted_password }}"
     update_password: always
   loop: "{{ os_users }}"