authorGuilhem Moulin <guilhem@fripost.org>2015-06-10 15:35:13 +0200
committerGuilhem Moulin <guilhem@fripost.org>2015-06-10 18:37:19 +0200
commitb408390ae9311b7d703ce57c25a78dce23c31b16 (patch)
treed9b1c795c0ef8b75dbaef709aa8622863d636942 /roles/common/tasks
parenta82e3759627a0612592d853796f2a1137f9189f5 (diff)
Configure munin nodes & master.
Interhost communications are protected by stunnel4. The graphs are only visible on the master itself, and content is generated by Fast CGI.
Diffstat (limited to 'roles/common/tasks')
-rw-r--r--roles/common/tasks/main.yml9
-rw-r--r--roles/common/tasks/munin-node.yml207
2 files changed, 212 insertions, 4 deletions
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 477bd34..df609d3 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -27,10 +27,11 @@
- name: Generate DH parameters
command: gendhparam.sh /etc/ssl/private/dhparams.pem creates=/etc/ssl/private/dhparams.pem
tags: genkey
-- include: logging.yml tags=logging
-- include: ntp.yml tags=ntp
-- include: mail.yml tags=mail,postfix
-- include: bacula.yml tags=bacula-fd,bacula
+- include: logging.yml tags=logging
+- include: ntp.yml tags=ntp
+- include: mail.yml tags=mail,postfix
+- include: bacula.yml tags=bacula-fd,bacula
+- include: munin-node.yml tags=munin-node,munin
- name: Install common packages
apt: pkg={{ item }}
diff --git a/roles/common/tasks/munin-node.yml b/roles/common/tasks/munin-node.yml
new file mode 100644
index 0000000..9e5d8f4
--- /dev/null
+++ b/roles/common/tasks/munin-node.yml
@@ -0,0 +1,207 @@
+- name: Install munin-node
+ apt: pkg={{ item }}
+ with_items:
+ - munin-node
+ - munin-plugins-extra
+ ###
+ - acpi
+ - lm-sensors
+ - ethtool
+ - hdparm
+ - libwww-perl
+ - libxml-simple-perl
+ - logtail
+
+- name: Create directory /usr/local/share/munin/plugins
+ file: path=/usr/local/share/munin/plugins
+ state=directory
+ owner=root group=root
+ mode=0755
+
+- name: Copy our own Munin plugins
+ copy: src={{ item }}
+ dest=/usr/local/share/munin/plugins/
+ owner=root group=root
+ mode=0755
+ with_fileglob:
+ - usr/local/share/munin/plugins/*
+
+- name: Configure munin-node
+ template: src=etc/munin/{{ item }}.j2
+ dest=/etc/munin/{{ item }}
+ owner=root group=root
+ mode=0644
+ register: r1
+ with_items:
+ - munin-node.conf
+ - plugin-conf.d/munin-node
+ notify:
+ - Restart munin-node
+
+- name: Install Munin plugins
+ file: src=/usr/share/munin/plugins/{{ item }}
+ dest=/etc/munin/plugins/{{ item }}
+ owner=root group=root
+ state=link force=yes
+ register: r2
+ with_items:
+ - cpu
+ - df
+ - df_inode
+ - diskstats
+ - entropy
+ - fail2ban
+ - forks
+ - fw_conntrack
+ - fw_forwarded_local
+ - fw_packets
+ - hddtemp_smartctl
+ - interrupts
+ - irqstats
+ - load
+ - memory
+ - netstat
+ - ntp_kernel_err
+ - ntp_kernel_pll_freq
+ - ntp_kernel_pll_off
+ - ntp_offset
+ - open_files
+ - open_inodes
+ - processes
+ - proc_pri
+ - swap
+ - threads
+ - uptime
+ - users
+ - vmstat
+ notify:
+ - Restart munin-node
+
+- name: Delete Munin plugins
+ file: path=/etc/munin/plugins/{{ item }}
+ state=absent
+ register: r3
+ with_items:
+ - http_loadtime
+ - ip_255.255.255.255
+ - postfix_mailqueue
+ - postfix_mailvolume
+ notify:
+ - Restart munin-node
+
+- name: Install 'if_' Munin wildcard plugin
+ file: src=/usr/share/munin/plugins/{{ item.0 }}_
+ dest=/etc/munin/plugins/{{ item.0 }}_{{ item.1 }}
+ owner=root group=root
+ state=link force=yes
+ register: r4
+ with_nested:
+ - [ if, if_err ]
+ - [ lo, "{{ ansible_default_ipv4.interface }}" ]
+ notify:
+ - Restart munin-node
+
+- name: Install 'postfix_mailvolume2' Munin plugin
+ file: src=/usr/local/share/munin/plugins/postfix_mailvolume2
+ dest=/etc/munin/plugins/postfix_mailvolume2
+ owner=root group=root
+ state=link force=yes
+ register: r5
+ notify:
+ - Restart munin-node
+
+- name: Install 'postfix_mailqueue_' Munin wildcard plugin
+ file: src=/usr/local/share/munin/plugins/postfix_mailqueue_
+ dest=/etc/munin/plugins/postfix_mailqueue_postfix
+ owner=root group=root
+ state=link force=yes
+ register: r6
+ notify:
+ - Restart munin-node
+
+- name: Install 'postfix_stats_' Munin wildcard plugin
+ file: src=/usr/local/share/munin/plugins/postfix_stats_
+ dest=/etc/munin/plugins/postfix_stats_{{ item }}_postfix
+ owner=root group=root
+ state=link force=yes
+ register: r7
+ with_items:
+ - smtpd
+ - qmgr
+ - smtp
+ notify:
+ - Restart munin-node
+
+- name: Start munin-node
+ service: name=munin-node state=started
+ when: not (r1.changed or r2.changed or r3.changed or r4.changed or r5.changed or r6.changed or r7.changed)
+
+- meta: flush_handlers
+
+
+
+- name: Install stunnel
+ apt: pkg=stunnel4
+
+- name: Auto-enable stunnel
+ lineinfile: dest=/etc/default/stunnel4
+ regexp='^(\s*#)?\s*ENABLED='
+ line='ENABLED=1'
+ owner=root group=root
+ mode=0644
+
+- name: Create /etc/stunnel/certs
+ file: path=/etc/stunnel/certs
+ state=directory
+ owner=root group=root
+ mode=0755
+
+- name: Generate a private key and a X.509 certificate for munin-node
+ command: genkeypair.sh x509
+ --pubkey=/etc/stunnel/certs/munin-{{ inventory_hostname_short }}.pem
+ --privkey=/etc/stunnel/certs/munin-{{ inventory_hostname_short }}.key
+ --ou=Munin --cn={{ inventory_hostname }} --dns={{ inventory_hostname }}
+ -t rsa -b 4096 -h sha512
+ register: r1
+ changed_when: r1.rc == 0
+ failed_when: r1.rc > 1
+ notify:
+ - Restart stunnel
+ tags:
+ - genkey
+
+- name: Fetch Munin X.509 certificate
+ # Ensure we don't fetch private data
+ sudo: False
+ fetch: src=/etc/stunnel/certs/munin-{{ inventory_hostname_short }}.pem
+ dest=certs/munin/{{ inventory_hostname }}.pem
+ fail_on_missing=yes
+ flat=yes
+ tags:
+ - genkey
+
+- name: Copy munin-master X.509 certificates
+ assemble: src=certs/munin regexp="{{ groups['munin-master'] | join('|') }}\.pem$" remote_src=no
+ dest=/etc/stunnel/certs/munin-master.pem
+ owner=root group=root
+ mode=0644
+ register: r2
+ when: "'munin-master' not in group_names"
+ notify:
+ - Restart stunnel
+
+- name: Configure stunnel
+ template: src=etc/stunnel/munin-node.conf.j2
+ dest=/etc/stunnel/munin-node.conf
+ owner=root group=root
+ mode=0644
+ register: r3
+ when: "'munin-master' not in group_names"
+ notify:
+ - Restart stunnel
+
+- name: Start stunnel
+ service: name=stunnel4 pattern=/usr/bin/stunnel4 state=started
+ when: not (r1.changed or r2.changed or r3.changed)
+
+- meta: flush_handlers
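Review bot: The `regexp` in "Copy munin-master X.509 certificates" is neither anchored nor grouped, so it matches more files than the master certificates: with several hosts in `munin-master` the `|` splits the whole pattern, and any file under `certs/munin` whose name contains one of the earlier host names, or merely ends in the last one, is concatenated into `munin-master.pem`. If that bundle is what stunnel verifies peers against (the `munin-node.conf.j2` template is not part of this hunk), the set of trusted certificates is wider than the group membership. Anchor and group the alternation, `regexp="^({{ groups['munin-master'] | join('|') }})\.pem$"`, and also escape the dots in the host names if the Ansible version in use has a filter for that. Separately, the private key is written into a `0755` directory and its mode is left to `genkeypair.sh`, which is not shown; a `file:` task setting `owner=root group=root mode=0600` on the `.key` path would make the `sudo: False` safeguard in the fetch task independent of that script.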