Diffstat (limited to 'roles/munin-master')
-rw-r--r-- | roles/munin-master/handlers/main.yml | 4 | ||||
-rw-r--r-- | roles/munin-master/tasks/main.yml | 11 | ||||
-rw-r--r-- | roles/munin-master/templates/etc/stunnel/munin-master.conf.j2 | 3 |
3 files changed, 11 insertions, 7 deletions
diff --git a/roles/munin-master/handlers/main.yml b/roles/munin-master/handlers/main.yml
index 4c41033..f65376c 100644
--- a/roles/munin-master/handlers/main.yml
+++ b/roles/munin-master/handlers/main.yml
@@ -3,22 +3,22 @@
 command: /bin/systemctl daemon-reload - name: Restart rrdcached service: name=rrdcached state=restarted - name: Restart munin service: name=munin state=restarted - name: Restart munin-node service: name=munin-node state=restarted - name: Restart munin-cgi-graph service: name=munin-cgi-graph state=restarted - name: Restart munin-cgi-html service: name=munin-cgi-html state=restarted - name: Restart Nginx service: name=nginx state=restarted
-- name: Restart stunnel
- service: name=stunnel4 pattern=/usr/bin/stunnel4 state=restarted
+- name: Restart stunnel@munin-master
+ service: name=stunnel4@munin-master state=restarted
diff --git a/roles/munin-master/tasks/main.yml b/roles/munin-master/tasks/main.yml
index 4b3cfb7..1580197 100644
--- a/roles/munin-master/tasks/main.yml
+++ b/roles/munin-master/tasks/main.yml
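Review bot: In roles/munin-master/handlers/main.yml the new handler is labelled `Restart stunnel@munin-master` but the unit it restarts is `stunnel4@munin-master`; naming the handler after the unit (`Restart stunnel4@munin-master`, with the matching `notify:` entries) would make notify targets easier to grep. The instantiated unit this relies on is not installed anywhere in the three files shown for this role, so it presumably comes from another role; a comment above the handler such as `# stunnel4@.service is provided by <role>` would make that dependency explicit. If the unit is absent on a host, the restart fails and updated peer certificates or tunnel settings never take effect.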
@@ -86,51 +86,54 @@
 state=link force=yes register: r2 notify: - Restart Nginx - name: Start Nginx service: name=nginx state=started when: not (r1.changed or r2.changed) - meta: flush_handlers - name: Copy munin-node X.509 certificates copy: src=certs/munin/{{ item }}.pem dest=/etc/stunnel/certs/munin-{{ hostvars[item].inventory_hostname_short }}.pem owner=root group=root mode=0644 with_items: "{{ groups.all | difference([inventory_hostname]) }}" register: r1 notify:
- - Restart stunnel
+ - Restart stunnel@munin-master
 - name: Configure stunnel template: src=etc/stunnel/munin-master.conf.j2 dest=/etc/stunnel/munin-master.conf owner=root group=root mode=0644 register: r2 notify:
- - Restart stunnel
+ - Restart stunnel@munin-master
-- name: Start stunnel
- service: name=stunnel4 pattern=/usr/bin/stunnel4 state=started
+- name: Enable stunnel@munin-master
+ service: name=stunnel4@munin-master enabled=yes
+
+- name: Start stunnel@munin-master
+ service: name=stunnel4@munin-master state=started
 when: not (r1.changed or r2.changed) - meta: flush_handlers - name: Install 'munin_stats' and 'munin_update' plugins file: src=/usr/share/munin/plugins/{{ item }} dest=/etc/munin/plugins/{{ item }} owner=root group=root state=link force=yes with_items: - munin_stats - munin_update tags: - munin-node - munin notify: - Restart munin-node
diff --git a/roles/munin-master/templates/etc/stunnel/munin-master.conf.j2 b/roles/munin-master/templates/etc/stunnel/munin-master.conf.j2
index bbe4114..ffc7d0d 100644
--- a/roles/munin-master/templates/etc/stunnel/munin-master.conf.j2
+++ b/roles/munin-master/templates/etc/stunnel/munin-master.conf.j2
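Review bot: Nothing in roles/munin-master/tasks/main.yml stops or disables the generic `stunnel4` service that the removed `Start stunnel` task used to manage, so on an already-provisioned host the old instance may keep running with the previous configuration, or hold the sockets that `stunnel4@munin-master` then fails to bind. If that migration is not handled in another role (only this role is visible here), a task like `service: name=stunnel4 state=stopped enabled=no` placed before `Enable stunnel@munin-master` would cover it, provided no other tunnel on the host still depends on the generic service. A short comment above the two new tasks saying why enable and start are kept separate (start is skipped when `r1` or `r2` changed, because the handler restarts the unit) would also help the next reader.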
@@ -1,30 +1,31 @@
 ; ************************************************************************** ; * Global options * ; ************************************************************************** ; setuid()/setgid() to the specified user/group in daemon mode setuid = stunnel4 setgid = stunnel4 ; PID is created inside the chroot jail
-pid = /var/run/stunnel4/munin-master.pid
+pid =
+foreground = yes
 ; Only log messages at severity warning (4) and higher debug = 4 ; ************************************************************************** ; * Service defaults may also be specified in individual service sections * ; ************************************************************************** ; Certificate/key is needed in server mode and optional in client mode cert = /etc/stunnel/certs/munin-{{ inventory_hostname_short }}.pem key = /etc/stunnel/certs/munin-{{ inventory_hostname_short }}.key client = yes socket = a:SO_BINDTODEVICE=lo ; Some performance tunings socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 ; Prevent MITM attacks verify = 4 |
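Review bot: The comment `; PID is created inside the chroot jail` now sits directly above an empty `pid =`, so it describes a PID file that is no longer written, and no `chroot` option appears in the visible part of munin-master.conf.j2. It should be replaced with something like `; No PID file: the process stays in the foreground and is supervised by systemd`. The `setuid`/`setgid` comment likewise still says "in daemon mode" although `foreground = yes` is now set, so it is worth confirming that the drop to the `stunnel4` user still happens in this mode and rewording that comment to match.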