diff --git a/ansible/inventory/env/group_vars/all.yml b/ansible/inventory/env/group_vars/all.yml index 445a29e68..0fba91f06 100644 --- a/ansible/inventory/env/group_vars/all.yml +++ b/ansible/inventory/env/group_vars/all.yml @@ -337,7 +337,7 @@ learning_analytics_service_url: 'http://{{learningservice_ip}}:9000' #encryption Service sunbird_allowed_login: -sunbird_course_batch_notification_enabled: 'true' +sunbird_course_batch_notification_enabled: 'False' sunbird_device_register_api: "{{proto}}://{{api_proxy_name}}/v3/device/register/" sunbird_course_batch_notification_signature: sunbird diff --git a/ansible/roles/kong-api/defaults/main.yml b/ansible/roles/kong-api/defaults/main.yml index c7ff75e75..f77ab84c0 100644 --- a/ansible/roles/kong-api/defaults/main.yml +++ b/ansible/roles/kong-api/defaults/main.yml @@ -16,7 +16,7 @@ statsd_pulgin: config.port: "{{ statsd_port }}" # Default Rate limits -small_rate_limit_per_hour: 100 +small_rate_limit_per_hour: 1000 medium_rate_limit_per_hour: 5000 x_medium_rate_limit_per_hour: 5000 large_rate_limit_per_hour: 10000 @@ -31,6 +31,7 @@ premium_consumer_large_rate_limit_per_hour: 100000 small_request_size_limit: 1 medium_request_size_limit: 10 large_request_size_limit: 100 +x_large_request_size_limit: 400 # External URL's freshDesk_url: "http://dummy.freshDesk.url" @@ -78,7 +79,12 @@ asset_prefix: /asset collection_prefix: /collection question_prefix: /question questionset_prefix: /questionset - +event_prefix: /event +notification_service_prefix: /notification +content_validation_service_prefix: /contentValidation +scoring_engine_service_prefix: /scoring +hub_graph_service_prefix: /connections +workflow_handler_service_prefix: /workflow # Service URLs knowledge_mw_service_url: "http://knowledge-mw-service:5000" @@ -98,6 +104,16 @@ group_service_url: "http://groups-service:9000" analytics_api_service_url: "http://analytics-service:9000" taxonomy_service_url: "http://taxonomy-service:9000" assessment_service_url: "http://assessment-service:9000" +notification_service_url: "http://notification-service:9000" +sb_cb_ext_service_url: "http://sb-cb-ext-service:7001" +content_validation_service_url: "http://content-validation-service:6590" +scoring_engine_service_url: "http://scoring-engine-service:7014" +hub_graph_service_url: "http://hub-graph-service:4013" +workflow_handler_service_url: "http://workflow-handler-service:5099" +discussions_mw_url: "http://discussionsmw-service:3002" +nodebb_url: "http://nodebb-service:4567/discussions" +analytics_url: "http://pm-analytics-service:8091" + premium_consumer_rate_limits: - api: createContent @@ -2410,7 +2426,7 @@ kong_apis: config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ x_large_request_size_limit }}" - name: PrivateContentRetireAPI uris: "{{ private_content_prefix }}/v3/retire" @@ -2446,7 +2462,7 @@ kong_apis: config.hour: "{{ medium_rate_limit_per_hour }}" config.limit_by: credential - name: request-size-limiting - config.allowed_payload_size: "{{ small_request_size_limit }}" + config.allowed_payload_size: "{{ x_large_request_size_limit }}" - name: PrivateContentReviewAPI uris: "{{ private_content_prefix }}/v3/review" @@ -2512,7 +2528,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'contentSuperAdmin' + - 'contentAccess' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -2566,7 +2582,7 @@ kong_apis: - "{{ statsd_pulgin }}" - name: acl config.whitelist: - - 'userSuperAdmin' + - 'dataCreate' - name: rate-limiting config.policy: local config.hour: "{{ medium_rate_limit_per_hour }}" @@ -5947,3 +5963,1109 @@ kong_apis: config.limit_by: credential - name: request-size-limiting config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: createEvent + uris: "{{ event_prefix }}/v4/create" + upstream_url: "{{ content_service_url }}/event/v4/create" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'contentCreate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: readEvent + uris: "{{ event_prefix }}/v4/read" + upstream_url: "{{ content_service_url }}/event/v4/read" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'contentAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: updateEvent + uris: "{{ event_prefix }}/v4/update" + upstream_url: "{{ content_service_url }}/event/v4/update" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'contentUpdate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: publishEvent + uris: "{{ event_prefix }}/v4/publish" + upstream_url: "{{ content_service_url }}/event/v4/publish" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'courseAdmin' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: sendEmailNotificationSer + uris: "{{ notification_service_prefix }}/v1/notification/send/sync" + upstream_url: "{{ notification_service_url }}/v1/notification/send/sync" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'appUpdate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: getmandatoryContentStatus + uris: "/v1/check/mandatoryContentStatus" + upstream_url: "{{ sb_cb_ext_service_url }}/v1/check/mandatoryContentStatus" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: assessmentSubmit + uris: "/v2/user/assessment/submit" + upstream_url: "{{ sb_cb_ext_service_url }}/v2/user/assessment/submit" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataCreate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + + + - name: getTopPerformersForCourse + uris: "/v2/resources/user/cohorts/top-performers" + upstream_url: "{{ sb_cb_ext_service_url }}/v2/resources/user/cohorts/top-performers" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: getActiveUsersForCourse + uris: "/v2/resources/user/cohorts/activeusers" + upstream_url: "{{ sb_cb_ext_service_url }}/v2/resources/user/cohorts/activeusers" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: courseAutoenrollment + uris: "/v1/autoenrollment" + upstream_url: "{{ sb_cb_ext_service_url }}/v1/autoenrollment" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataCreate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: getCatalog + uris: "/v1/catalog/" + upstream_url: "{{ sb_cb_ext_service_url }}/v1/catalog/" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + + + - name: addWorkAllocation + uris: "/v2/workallocation/add" + upstream_url: "{{ sb_cb_ext_service_url }}/v2/workallocation/add" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataCreate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: updateWorkAllocation + uris: "/v2/workallocation/update" + upstream_url: "{{ sb_cb_ext_service_url }}/v2/workallocation/update" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataCreate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + + + - name: addWorkOrder + uris: "/v2/workallocation/add/workorder" + upstream_url: "{{ sb_cb_ext_service_url }}/v2/workallocation/add/workorder" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataCreate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + + + - name: updateWorkOrder + uris: "/v2/workallocation/update/workorder" + upstream_url: "{{ sb_cb_ext_service_url }}/v2/workallocation/update/workorder" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataCreate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + + + - name: getWorkOrders + uris: "/v2/workallocation/getWorkOrders" + upstream_url: "{{ sb_cb_ext_service_url }}/v2/workallocation/getWorkOrders" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: getWorkOrderById + uris: "/v2/workallocation/getWorkOrderById" + upstream_url: "{{ sb_cb_ext_service_url }}/v2/workallocation/getWorkOrderById" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + + - name: getWorkAllocationById + uris: "/v2/workallocation/getWorkAllocationById" + upstream_url: "{{ sb_cb_ext_service_url }}/v2/workallocation/getWorkAllocationById" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: copyWorkOrder + uris: "/v2/workallocation/copy/workOrder" + upstream_url: "{{ sb_cb_ext_service_url }}/v2/workallocation/copy/workOrder" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataCreate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: getUserBasicDetails + uris: "/v2/workallocation/user/basicInfo" + upstream_url: "{{ sb_cb_ext_service_url }}/v2/workallocation/user/basicInfo" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + + - name: watAutoComplete + uris: "/v1/workallocation/users/autocomplete" + upstream_url: "{{ sb_cb_ext_service_url }}/v1/workallocation/users/autocomplete" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: getWOPdf + uris: "/getWOPdf" + upstream_url: "{{ sb_cb_ext_service_url }}/getWOPdf" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: getUserCompentenciesDetails + uris: "/v2/workallocation/user/competencies" + upstream_url: "{{ sb_cb_ext_service_url }}/v2/workallocation/user/competencies" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: startPdfProfanity + uris: "{{ content_validation_service_prefix }}/v1/startPdfProfanity" + upstream_url: "{{ content_validation_service_url }}/v1/startPdfProfanity" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataCreate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: getPdfProfanity + uris: "{{ content_validation_service_prefix }}/v1/getPdfProfanity" + upstream_url: "{{ content_validation_service_url }}/v1/getPdfProfanity" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: getPdfProfanityForContent + uris: "{{ content_validation_service_prefix }}/v1/getPdfProfanityForContent" + upstream_url: "{{ content_validation_service_url }}/v1/read/contentPdfProfanity" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: calculateScore + uris: "{{ scoring_engine_service_prefix }}/v1/add" + upstream_url: "{{ scoring_engine_service_url }}/v1/add" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataCreate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: fetchScore + uris: "{{ scoring_engine_service_prefix }}/v1/fetch" + upstream_url: "{{ scoring_engine_service_url }}/v1/fetch" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: getScoringTemplate + uris: "{{ scoring_engine_service_prefix }}/v1/getTemplate" + upstream_url: "{{ scoring_engine_service_url }}/v1/getTemplate" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: findRecommendedConnection + uris: "{{ hub_graph_service_prefix }}/profile/find/recommended" + upstream_url: "{{ hub_graph_service_url }}/connections/profile/find/recommended" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: findSuggestedConnection + uris: "{{ hub_graph_service_prefix }}/profile/find/suggests" + upstream_url: "{{ hub_graph_service_url }}/connections/profile/find/suggests" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: fetchRequestedConnection + uris: "{{ hub_graph_service_prefix }}/profile/fetch/requested" + upstream_url: "{{ hub_graph_service_url }}/connections/profile/fetch/requested" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + + - name: fetchRequestedReceivedConnection + uris: "{{ hub_graph_service_prefix }}/profile/fetch/requests/received" + upstream_url: "{{ hub_graph_service_url }}/connections/profile/fetch/requests/received" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: fetchEstablishedConnection + uris: "{{ hub_graph_service_prefix }}/profile/fetch/established" + upstream_url: "{{ hub_graph_service_url }}/connections/profile/fetch/established" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + + - name: addConnection + uris: "{{ hub_graph_service_prefix }}/add" + upstream_url: "{{ hub_graph_service_url }}/connections/add" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataCreate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + + - name: updateConnection + uris: "{{ hub_graph_service_prefix }}/update" + upstream_url: "{{ hub_graph_service_url }}/connections/update" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataCreate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: userAutoComplete + uris: "{{ user_service_prefix }}/v1/autocomplete" + upstream_url: "{{ learning_service_url }}/v1/user/autocomplete" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: userNetworkAutoComplete + uris: "/v1/user/autocomplete" + upstream_url: "{{ hub_graph_service_url }}/v1/user/autocomplete" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: workflowTransition + uris: "{{ workflow_handler_service_prefix }}/transition" + upstream_url: "{{ workflow_handler_service_url }}/v1/workflow/transition" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataCreate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + + - name: workflowApplicationsSearch + uris: "{{ workflow_handler_service_prefix }}/applications/search" + upstream_url: "{{ workflow_handler_service_url }}/v1/workflow/applications/search" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + + - name: workflowNextAction + uris: "{{ workflow_handler_service_prefix }}/nextAction" + upstream_url: "{{ workflow_handler_service_url }}/v1/workflow/nextAction" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + + - name: workflowProcess + uris: "{{ workflow_handler_service_prefix }}/workflowProcess" + upstream_url: "{{ workflow_handler_service_url }}/v1/workflow/workflowProcess" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: workflowUpdateUserProfileWf + uris: "{{ workflow_handler_service_prefix }}/updateUserProfileWF" + upstream_url: "{{ workflow_handler_service_url }}/v1/workflow/updateUserProfileWF" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataCreate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + + - name: workflowGetUserWF + uris: "{{ workflow_handler_service_prefix }}/getUserWF" + upstream_url: "{{ workflow_handler_service_url }}/v1/workflow/getUserWF" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + + - name: workflowGetUserWFApplicationFields + uris: "{{ workflow_handler_service_prefix }}/getUserWFApplicationFields" + upstream_url: "{{ workflow_handler_service_url }}/v1/workflow/getUserWFApplicationFields" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: ContentUpdateReviewStatus + uris: "/action/content/v3/updateReviewStatus" + upstream_url: "{{ content_service_url }}/content/v3/update" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'contentUpdate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: privateSendEmailNotification + uris: "{{ learner_private_route_prefix }}/user/v1/notification/email" + upstream_url: "{{ learning_service_url }}/private/user/v1/notification/email" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'appUpdate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: ContenthierarchyUpdate + uris: "/action/content/v3/hierarchyUpdate" + upstream_url: "{{ content_service_url }}/content/v3/hierarchy/update" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'contentUpdate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: privateUserMigrate + uris: "{{ user_service_prefix }}/private/v1/migrate" + upstream_url: "{{ learning_service_url }}/private/user/v1/migrate" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'userUpdate' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: discussionHubAPIs + uris: "/discussion" + upstream_url: "{{ discussions_mw_url }}/discussion" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + - name: request-transformer + config: + rename: + headers: + - nodebb_authorization_token:Authorization + + - name: nodebbauthAPIs + uris: "/nodebb/auth/api" + upstream_url: "{{ nodebb_url }}/api" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + + + - name: nodebbAPIs + uris: "/nodebb/api" + upstream_url: "{{ nodebb_url }}/api" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ medium_request_size_limit }}" + + - name: "analyticsGetDashboardsForProfile" + uris: "{{ dashboard_service_prefix }}/analytics/getDashboardsForProfile/Karmayogi" + upstream_url: "{{ analytics_url }}/dashboard/analytics/getDashboardsForProfile/Karmayogi" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: "analyticsGetChartVisualization" + uris: "{{ dashboard_service_prefix }}/analytics/getChartV2/Karmayogi" + upstream_url: "{{ analytics_url }}/dashboard/analytics/getChartV2/Karmayogi" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: "analyticsGetDashboardConfiguration" + uris: "{{ dashboard_service_prefix }}/analytics/getDashboardConfig/Karmayogi" + upstream_url: "{{ analytics_url }}/dashboard/analytics/getDashboardConfig/Karmayogi" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: getBrowseByCompetency + uris: "/searchBy/competency" + upstream_url: "{{ sb_cb_ext_service_url }}/v1/browseByCompetency" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: getBrowseByProvider + uris: "/searchBy/provider" + upstream_url: "{{ sb_cb_ext_service_url }}/v1/browseByProvider" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: staffOperation + uris: "/staff/position" + upstream_url: "{{ sb_cb_ext_service_url }}/staff/position" + strip_uri: true + plugins: + - n- name: staffOperation + uris: "/staff/position" + upstream_url: "{{ sb_cb_ext_service_url }}/staff/position" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: budgetOperation + uris: "/budget/scheme" + upstream_url: "{{ sb_cb_ext_service_url }}/budget/scheme" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" + + - name: orgHistoryOperation + uris: "/orghistory" + upstream_url: "{{ sb_cb_ext_service_url }}/orghistory" + strip_uri: true + plugins: + - name: jwt + - name: cors + - "{{ statsd_pulgin }}" + - name: acl + config.whitelist: + - 'dataAccess' + - name: rate-limiting + config.policy: local + config.hour: "{{ medium_rate_limit_per_hour }}" + config.limit_by: credential + - name: request-size-limiting + config.allowed_payload_size: "{{ small_request_size_limit }}" diff --git a/ansible/roles/kong-consumer/defaults/main.yml b/ansible/roles/kong-consumer/defaults/main.yml index 2ab952531..42b54cd90 100644 --- a/ansible/roles/kong-consumer/defaults/main.yml +++ b/ansible/roles/kong-consumer/defaults/main.yml @@ -65,6 +65,7 @@ kong_all_consumer_groups: - objectAccess - orgAccess - orgCreate + - orgUpdate - pageAccess - pluginAccess - reportsAccess @@ -74,6 +75,7 @@ kong_all_consumer_groups: - ssoCreate - userAccess - userAdmin + - userSuperAdmin - userCreate - userTempAdmin - userUpdate diff --git a/ansible/roles/monit/templates/monitrc b/ansible/roles/monit/templates/monitrc index 0681b787c..79db90c41 100755 --- a/ansible/roles/monit/templates/monitrc +++ b/ansible/roles/monit/templates/monitrc @@ -1,43 +1,290 @@ -# Start Monit in the background (run as a daemon): - set daemon 60 # check services at 1-minute intervals - set logfile /var/log/monit.log - set idfile /var/lib/monit/id - set statefile /var/lib/monit/state +############################################################################### +## Monit control file +############################################################################### +## +## Comments begin with a '#' and extend through the end of the line. Keywords +## are case insensitive. All path's MUST BE FULLY QUALIFIED, starting with '/'. +## +## Below you will find examples of some frequently used statements. For +## information about the control file and a complete list of statements and +## options, please have a look in the Monit manual. +## +## +############################################################################### +## Global section +############################################################################### +## +## Start Monit in the background (run as a daemon): +# +set daemon 30 # check services at 30 seconds intervals +# with start delay 240 # optional: delay the first check by 4-minutes (by +# # default Monit check immediately after Monit start) +# +# +## Set syslog logging. If you want to log to a standalone log file instead, +## specify the full path to the log file +# +set logfile syslog - set mailserver {{ monitor_alerts_mail_server_host }} port {{ monitor_alerts_mail_server_port }} - username "{{ monitor_alerts_mail_server_username }}" - password "{{ monitor_alerts_mail_server_password }}" - using TLSV1 - with timeout 30 seconds +# +# +## Set the location of the Monit lock file which stores the process id of the +## running Monit instance. By default this file is stored in $HOME/.monit.pid +# +# set pidfile /var/run/monit.pid +# +## Set the location of the Monit id file which stores the unique id for the +## Monit instance. The id is generated and stored on first Monit start. By +## default the file is placed in $HOME/.monit.id. +# +# set idfile /var/.monit.id +# +## Set the location of the Monit state file which saves monitoring states +## on each cycle. By default the file is placed in $HOME/.monit.state. If +## the state file is stored on a persistent filesystem, Monit will recover +## the monitoring state across reboots. If it is on temporary filesystem, the +## state will be lost on reboot which may be convenient in some situations. +# +# set statefile /var/.monit.state +# +# - set httpd - port 2812 - allow 0.0.0.0/0 +## Set limits for various tests. The following example shows the default values: +## +# set limits { +# programOutput: 512 B, # check program's output truncate limit +# sendExpectBuffer: 256 B, # limit for send/expect protocol test +# fileContentBuffer: 512 B, # limit for file content test +# httpContentBuffer: 1 MB, # limit for HTTP content test +# networkTimeout: 5 seconds # timeout for network I/O +# } -## By default Monit will drop alert events if no mail servers are available. -## If you want to keep the alerts for later delivery retry, you can use the -## EVENTQUEUE statement. - set eventqueue - basedir /var/lib/monit/events # set the base directory where events will be stored - slots 100 # optionally limit the queue size - - set mail-format { - from: {{ monitor_alerts_mail_from_email }} - subject: [{{ env }}] monit alert -- $EVENT $SERVICE - message: $EVENT Service $SERVICE - Date: $DATE - Action: $ACTION - Host: $HOST - Description: $DESCRIPTION - - Your faithful employee, - Monit - } - -{% for mail_id in alerts_mailing_list.split(',') %} - set alert {{ mail_id }} not on { instance, pid, ppid } -{% endfor %} +## Set global SSL options (just most common options showed, see manual for +## full list). +# +# set ssl { +# verify : enable, # verify SSL certificates (disabled by default but STRONGLY RECOMMENDED) +# selfsigned : allow # allow self signed SSL certificates (reject by default) +# } +# +# +## Set the list of mail servers for alert delivery. Multiple servers may be +## specified using a comma separator. If the first mail server fails, Monit +# will use the second mail server in the list and so on. By default Monit uses +# port 25 - it is possible to override this with the PORT option. +# +# set mailserver mail.bar.baz, # primary mailserver +# backup.bar.baz port 10025, # backup mailserver on port 10025 +# localhost # fallback relay +# +# +## By default Monit will drop alert events if no mail servers are available. +## If you want to keep the alerts for later delivery retry, you can use the +## EVENTQUEUE statement. The base directory where undelivered alerts will be +## stored is specified by the BASEDIR option. You can limit the queue size +## by using the SLOTS option (if omitted, the queue is limited by space +## available in the back end filesystem). +# +# set eventqueue +# basedir /var/monit # set the base directory where events will be stored +# slots 100 # optionally limit the queue size +# +# +## Send status and events to M/Monit (for more informations about M/Monit +## see http://mmonit.com/). By default Monit registers credentials with +## M/Monit so M/Monit can smoothly communicate back to Monit and you don't +## have to register Monit credentials manually in M/Monit. It is possible to +## disable credential registration using the commented out option below. +## Though, if safety is a concern we recommend instead using https when +## communicating with M/Monit and send credentials encrypted. +# +# set mmonit http://monit:monit@192.168.1.10:8080/collector +# # and register without credentials # Don't register credentials +# +# +## Monit by default uses the following format for alerts if the the mail-format +## statement is missing:: +## --8<-- +## set mail-format { +## from: Monit +## subject: monit alert -- $EVENT $SERVICE +## message: $EVENT Service $SERVICE +## Date: $DATE +## Action: $ACTION +## Host: $HOST +## Description: $DESCRIPTION +## +## Your faithful employee, +## Monit +## } +## --8<-- +## +## You can override this message format or parts of it, such as subject +## or sender using the MAIL-FORMAT statement. Macros such as $DATE, etc. +## are expanded at runtime. For example, to override the sender, use: +# +# set mail-format { from: monit@foo.bar } +# +# +## You can set alert recipients whom will receive alerts if/when a +## service defined in this file has errors. Alerts may be restricted on +## events by using a filter as in the second example below. +# +# set alert sysadm@foo.bar # receive all alerts +# +## Do not alert when Monit starts, stops or performs a user initiated action. +## This filter is recommended to avoid getting alerts for trivial cases. +# +# set alert your-name@your.domain not on { instance, action } +# +# +## Monit has an embedded HTTP interface which can be used to view status of +## services monitored and manage services from a web interface. The HTTP +## interface is also required if you want to issue Monit commands from the +## command line, such as 'monit status' or 'monit restart service' The reason +## for this is that the Monit client uses the HTTP interface to send these +## commands to a running Monit daemon. See the Monit Wiki if you want to +## enable SSL for the HTTP interface. +# +set httpd port 2812 and + use address localhost # only accept connection from localhost + allow localhost # allow localhost to connect to the server and + allow admin:monit # require user 'admin' with password 'monit' +############################################################################### +## Services +############################################################################### +## +## Check general system resources such as load average, cpu and memory +## usage. Each test specifies a resource, conditions and the action to be +## performed should a test fail. +# +# check system $HOST +# if loadavg (1min) > 4 then alert +# if loadavg (5min) > 2 then alert +# if cpu usage > 95% for 10 cycles then alert +# if memory usage > 75% then alert +# if swap usage > 25% then alert +# +# +## Check if a file exists, checksum, permissions, uid and gid. In addition +## to alert recipients in the global section, customized alert can be sent to +## additional recipients by specifying a local alert handler. The service may +## be grouped using the GROUP option. More than one group can be specified by +## repeating the 'group name' statement. +# +# check file apache_bin with path /usr/local/apache/bin/httpd +# if failed checksum and +# expect the sum 8f7f419955cefa0b33a2ba316cba3659 then unmonitor +# if failed permission 755 then unmonitor +# if failed uid root then unmonitor +# if failed gid root then unmonitor +# alert security@foo.bar on { +# checksum, permission, uid, gid, unmonitor +# } with the mail-format { subject: Alarm! } +# group server +# +# +## Check that a process is running, in this case Apache, and that it respond +## to HTTP and HTTPS requests. Check its resource usage such as cpu and memory, +## and number of children. If the process is not running, Monit will restart +## it by default. In case the service is restarted very often and the +## problem remains, it is possible to disable monitoring using the TIMEOUT +## statement. This service depends on another service (apache_bin) which +## is defined above. +# +# check process apache with pidfile /usr/local/apache/logs/httpd.pid +# start program = "/etc/init.d/httpd start" with timeout 60 seconds +# stop program = "/etc/init.d/httpd stop" +# if cpu > 60% for 2 cycles then alert +# if cpu > 80% for 5 cycles then restart +# if totalmem > 200.0 MB for 5 cycles then restart +# if children > 250 then restart +# if loadavg(5min) greater than 10 for 8 cycles then stop +# if failed host www.tildeslash.com port 80 protocol http +# and request "/somefile.html" +# then restart +# if failed port 443 protocol https with timeout 15 seconds then restart +# if 3 restarts within 5 cycles then unmonitor +# depends on apache_bin +# group server +# +# +## Check filesystem permissions, uid, gid, space and inode usage. Other services, +## such as databases, may depend on this resource and an automatically graceful +## stop may be cascaded to them before the filesystem will become full and data +## lost. +# +# check filesystem datafs with path /dev/sdb1 +# start program = "/bin/mount /data" +# stop program = "/bin/umount /data" +# if failed permission 660 then unmonitor +# if failed uid root then unmonitor +# if failed gid disk then unmonitor +# if space usage > 80% for 5 times within 15 cycles then alert +# if space usage > 99% then stop +# if inode usage > 30000 then alert +# if inode usage > 99% then stop +# group server +# +# +## Check a file's timestamp. In this example, we test if a file is older +## than 15 minutes and assume something is wrong if its not updated. Also, +## if the file size exceed a given limit, execute a script +# +# check file database with path /data/mydatabase.db +# if failed permission 700 then alert +# if failed uid data then alert +# if failed gid data then alert +# if timestamp > 15 minutes then alert +# if size > 100 MB then exec "/my/cleanup/script" as uid dba and gid dba +# +# +## Check directory permission, uid and gid. An event is triggered if the +## directory does not belong to the user with uid 0 and gid 0. In addition, +## the permissions have to match the octal description of 755 (see chmod(1)). +# +# check directory bin with path /bin +# if failed permission 755 then unmonitor +# if failed uid 0 then unmonitor +# if failed gid 0 then unmonitor +# +# +## Check a remote host availability by issuing a ping test and check the +## content of a response from a web server. Up to three pings are sent and +## connection to a port and an application level network check is performed. +# +# check host myserver with address 192.168.1.1 +# if failed ping then alert +# if failed port 3306 protocol mysql with timeout 15 seconds then alert +# if failed port 80 protocol http +# and request /some/path with content = "a string" +# then alert +# +# +## Check a network link status (up/down), link capacity changes, saturation +## and bandwidth usage. +# +# check network public with interface eth0 +# if failed link then alert +# if changed link then alert +# if saturation > 90% then alert +# if download > 10 MB/s then alert +# if total upload > 1 GB in last hour then alert +# +# +## Check custom program status output. +# +# check program myscript with path /usr/local/bin/myscript.sh +# if status != 0 then alert +# +# +############################################################################### +## Includes +############################################################################### +## ## It is possible to include additional configuration parts from other files or ## directories. - include /etc/monit/conf.d/* +# +# include /etc/monit.d/* +# diff --git a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env index 42859c390..389b8a412 100644 --- a/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env +++ b/ansible/roles/stack-sunbird/templates/sunbird_lms-service.env @@ -125,7 +125,8 @@ learning.content.props.to.add={{ learning_content_props_to_add | default('mimeTy group_activity_agg_cache_ttl={{ group_activity_agg_cache_ttl }} group_activity_agg_cache_enable={{ group_activity_agg_cache_enable }} sunbird_env_name={{env_name}} - +content.default.fields=contentid,userid,batchid,courseid,completedcount,completionpercentage,lastcompletedtime,status,viewcount + ## Redis connection detail ## redis.connection.max={{ lms_redis_connection_max | default(64) }} redis.connection.idle.max={{ lms_redis_connection_idle_max | default(32) }} diff --git a/kubernetes/ansible/roles/kong-api/tasks/main.yml b/kubernetes/ansible/roles/kong-api/tasks/main.yml index a83c8a070..4c5790cdd 100644 --- a/kubernetes/ansible/roles/kong-api/tasks/main.yml +++ b/kubernetes/ansible/roles/kong-api/tasks/main.yml @@ -1,10 +1,10 @@ --- -- name: Ensure pip is installed - apt: name=python-pip update_cache=yes - when: ansible_os_family == 'Debian' +#- name: Ensure pip is installed +# apt: name=python-pip update_cache=yes +# when: ansible_os_family == 'Debian' -- name: Ensure retry is installed - pip: name=retry +#- name: Ensure retry is installed +# pip: name=retry - name: Save api details to json file copy: dest=/tmp/kong_apis.json content="{{ kong_apis | to_nice_json}}" mode=0644