Hello munin.afpy.org.
parent
b3c765e67b
commit
4bf259b213
|
@ -4,6 +4,9 @@ gitea1.afpy.org
|
|||
[woodpeckers]
|
||||
woodpecker1.afpy.org
|
||||
|
||||
[muninservers]
|
||||
deb2.afpy.org
|
||||
|
||||
[webservers]
|
||||
deb2.afpy.org
|
||||
|
||||
|
|
|
@ -0,0 +1,44 @@
|
|||
- hosts: muninservers
|
||||
vars:
|
||||
nginx_domain: "munin.afpy.org"
|
||||
nginx_certificates: ["{{ nginx_domain }}"]
|
||||
nginx_conf: |
|
||||
server
|
||||
{
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name {{ nginx_domain }};
|
||||
return 301 https://$server_name$request_uri;
|
||||
}
|
||||
|
||||
server
|
||||
{
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
server_name {{ nginx_domain }};
|
||||
root /var/cache/munin/www;
|
||||
index index.html;
|
||||
|
||||
include snippets/letsencrypt-{{ nginx_domain }}.conf;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ =404;
|
||||
autoindex on;
|
||||
}
|
||||
|
||||
location ^~ /munin-cgi/munin-cgi-graph/ {
|
||||
fastcgi_split_path_info ^(/munin-cgi/munin-cgi-graph)(.*);
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
fastcgi_pass unix:/var/run/munin/fcgi-graph.sock;
|
||||
include fastcgi_params;
|
||||
}
|
||||
}
|
||||
|
||||
roles:
|
||||
- munin_server
|
||||
- nginx
|
||||
|
||||
- hosts: all
|
||||
roles:
|
||||
- common # For nftables's *_NEIGHBORS
|
||||
- munin_client
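Review bot: The 443 server block publishes `/var/cache/munin/www` and the `munin-cgi-graph` FastCGI endpoint with no access control, and `autoindex on;` adds directory listings on top. Munin pages show hostnames, running services and load for every monitored host, so this is an inventory of the infrastructure readable by anyone. Consider adding `auth_basic "munin";` with `auth_basic_user_file <htpasswd path>;` (or `allow`/`deny` rules) at server level so both `location` blocks are covered. `autoindex on;` can probably be dropped, since `index index.html;` already serves the generated pages.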
|
|
@ -1,6 +1,5 @@
|
|||
---
|
||||
|
||||
- block:
|
||||
- name: Configure hostname
|
||||
hostname:
|
||||
name: "{{ inventory_hostname_short }}"
|
||||
|
@ -23,6 +22,12 @@
|
|||
group: root
|
||||
mode: 0644
|
||||
|
||||
- name: Gather facts from all hosts
|
||||
setup:
|
||||
delegate_to: "{{ item }}"
|
||||
delegate_facts: true
|
||||
loop: "{{ groups['all'] }}"
|
||||
|
||||
- package: name=nftables state=present
|
||||
|
||||
- name: Copy nftables rules
|
||||
|
@ -33,6 +38,22 @@
|
|||
table inet filter
|
||||
flush table inet filter
|
||||
|
||||
define V4_NEIGHBORS = {
|
||||
{% for host in groups["all"] %}
|
||||
{% if hostvars[host]['ansible_facts']['default_ipv4'] %}
|
||||
{{ hostvars[host]['ansible_facts']['default_ipv4']['address'] }}, # {{ hostvars[host]['ansible_facts']['nodename'] }}
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
}
|
||||
|
||||
define V6_NEIGHBORS = {
|
||||
{% for host in groups["all"] %}
|
||||
{% if hostvars[host]['ansible_facts']['default_ipv6'] %}
|
||||
{{ hostvars[host]['ansible_facts']['default_ipv6']['address'] }}, # {{ hostvars[host]['ansible_facts']['nodename'] }}
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
}
|
||||
|
||||
table inet filter {
|
||||
chain input {
|
||||
type filter hook input priority 0;
|
||||
|
@ -40,6 +61,8 @@
|
|||
ct state established,related accept
|
||||
icmp type echo-request counter accept
|
||||
icmpv6 type echo-request counter accept
|
||||
ip saddr $V4_NEIGHBORS accept
|
||||
ip6 saddr $V6_NEIGHBORS accept
|
||||
|
||||
# accept neighbour discovery otherwise connectivity breaks:
|
||||
icmpv6 type { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert } accept
|
||||
|
@ -120,5 +143,3 @@
|
|||
LogLevel VERBOSE
|
||||
notify: restart sshd
|
||||
tags: ssh
|
||||
|
||||
tags: common
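Review bot: In the input chain, `ip saddr $V4_NEIGHBORS accept` and `ip6 saddr $V6_NEIGHBORS accept` open every port to every host in the inventory, while the only new flow this commit needs appears to be the munin server polling port 4949. With this rule a single compromised host can reach all services on the others, bypassing the per-port rules below. I would narrow it to `ip6 saddr $V6_NEIGHBORS tcp dport 4949 accept` (and the v4 equivalent), ideally building the sets from `groups["muninservers"]` instead of `groups["all"]`. Separately, if no host reports a `default_ipv4`, `define V4_NEIGHBORS = { }` renders empty, which nft may reject on load; that case is worth a guard or a comment.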
|
||||
|
|
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
|
||||
- name: munin
|
||||
service: name=munin-node state=restarted
|
|
@ -0,0 +1,50 @@
|
|||
---
|
||||
|
||||
- name: apt install munin-node
|
||||
apt:
|
||||
state: present
|
||||
name: munin-node
|
||||
register: install_munin
|
||||
|
||||
- name: Configure munin node
|
||||
shell: munin-node-configure --shell | grep -v ip_ | sh
|
||||
when: install_munin is changed
|
||||
notify: munin
|
||||
|
||||
- name: Copy munin-node.conf
|
||||
copy:
|
||||
dest: /etc/munin/munin-node.conf
|
||||
content: |
|
||||
log_level 4
|
||||
log_file /var/log/munin/munin-node.log
|
||||
pid_file /var/run/munin/munin-node.pid
|
||||
|
||||
background 1
|
||||
setsid 1
|
||||
|
||||
user root
|
||||
group root
|
||||
|
||||
ignore_file [\#~]$
|
||||
ignore_file DEADJOE$
|
||||
ignore_file \.bak$
|
||||
ignore_file %$
|
||||
ignore_file \.dpkg-(tmp|new|old|dist)$
|
||||
ignore_file \.rpm(save|new)$
|
||||
ignore_file \.pod$
|
||||
|
||||
{% for host in groups["muninservers"] %}
|
||||
allow ^{{ hostvars[host]['ansible_facts']['default_ipv6']['address'] }}$
|
||||
{% endfor %}
|
||||
allow ^127.0.0.1$
|
||||
|
||||
host *
|
||||
port 4949
|
||||
notify: munin
|
||||
|
||||
- name: Cron for munin apt_all
|
||||
cron:
|
||||
name: "apt update"
|
||||
hour: "*/4"
|
||||
minute: "28"
|
||||
job: "/usr/bin/apt-get update > /dev/null"
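Review bot: The `allow` loop in munin-node.conf dereferences `hostvars[host]['ansible_facts']['default_ipv6']['address']` with no guard, so a munin server without a default IPv6 address (or whose facts were not gathered) will likely fail the render, and a server polling over IPv4 is never allowed. The same unguarded lookup is in the `address [...]` line of munin.conf.j2. Wrapping it in `{% if hostvars[host]['ansible_facts']['default_ipv6'] %}`, as the nftables template already does, would make this consistent. Also, `allow ^127.0.0.1$` leaves the dots as regex wildcards; `allow ^127\.0\.0\.1$` matches only loopback, which matters because `host *` binds every interface and these patterns are the node's own access control.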
|
|
@ -0,0 +1,15 @@
|
|||
---
|
||||
|
||||
- name: Install munin
|
||||
apt:
|
||||
state: present
|
||||
name: munin
|
||||
|
||||
- name: Gather facts from all hosts
|
||||
setup:
|
||||
delegate_to: "{{ item }}"
|
||||
delegate_facts: true
|
||||
loop: "{{ groups['all'] }}"
|
||||
|
||||
- name: Configure munin
|
||||
template: src=munin.conf.j2 dest=/etc/munin/munin.conf
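Review bot: The `Configure munin` task writes /etc/munin/munin.conf without `owner`, `group` or `mode`, so the resulting permissions depend on the umask or on whatever file is already there. The common role's tasks set these explicitly, and the same would fit here: `template: src=munin.conf.j2 dest=/etc/munin/munin.conf owner=root group=root mode=0644`. The `Gather facts from all hosts` task repeats the one in the common role, and it will presumably fail the play if any inventory host is unreachable; a short comment on why it is needed here would help.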
|
|
@ -0,0 +1,17 @@
|
|||
dbdir /var/lib/munin
|
||||
htmldir /var/cache/munin/www
|
||||
logdir /var/log/munin
|
||||
rundir /var/run/munin
|
||||
|
||||
contact.email.command mail -s "Munin-notification for ${var:group} :: ${var:host}" {{ admin_email }}
|
||||
|
||||
tmpldir /etc/munin/templates
|
||||
|
||||
graph_width 600
|
||||
graph_height 400
|
||||
max_graph_jobs 2
|
||||
|
||||
{% for host in groups["all"] %}
|
||||
[{{ hostvars[host]['inventory_hostname'] }}]
|
||||
address [{{ hostvars[host]['ansible_facts']['default_ipv6']['address'] }}]
|
||||
{% endfor %}
|