Installation/configuration de Munin

2019-12-31 15:25:24 +01:00
parent 79c54a22c3
commit fddbc1c9b4
11 changed files with 327 additions and 1 deletions
--- a/munin.yml
+++ b/munin.yml
@@ -0,0 +1,7 @@
 - hosts: all:!baybay-ponay.mateu.be
  roles:
      - munin-client
 - hosts: muninservers
  roles:
      - munin-server
--- a/production/hosts
+++ b/production/hosts
@@ -17,7 +17,7 @@ borg_client
 edelgard.dmz.mateu.be
 [borg_client]
-baybay-ponay.mateu.be borg_backup_path="['/home', '/etc']" borg_backup_excluded_path="['/home/.snapshots']" borg_backup_hour=19 borg_backup_minute=30
+#baybay-ponay.mateu.be borg_backup_path="['/home', '/etc']" borg_backup_excluded_path="['/home/.snapshots']" borg_backup_hour=19 borg_backup_minute=30
 bt.dmz.mateu.be borg_backup_path="['/etc', '/var/lib/transmission-daemon']"
 web1.dmz.mateu.be
 web2.dmz.mateu.be
@@ -46,6 +46,7 @@ ror.dmz.mateu.be web_hostname="['m.nintendojo.fr']"
 jabber.dmz.mateu.be web_hostname="['libertus.eu', 'upload.libertus.eu', 'xmpp.libertus.eu']"
 voice3.dmz.mateu.be web_hostname="['radio.nintendojo.fr']"
 mail.dmz.mateu.be web_hostname="['imap.libertus.eu', 'smtp.libertus.eu', 'mm.pipoworld.fr', 'mm.nintendojo.fr']"
 munin.dmz.mateu.be web_hostname="['munin.mateu.be']"
 [phpservers]
 web1.dmz.mateu.be php_modules="['opcache', 'mysql', 'mbstring', 'gd', 'intl', 'curl', 'gettext', 'imap', 'zip', 'apcu']"
@@ -81,3 +82,9 @@ voice3.dmz.mateu.be
 [rsyslogservers]
 syslog.dmz.mateu.be
 [muninservers]
 munin.dmz.mateu.be
 [disabled_munin]
 #baybay-ponay.mateu.be
--- a/roles/firewall/templates/firewall.j2
+++ b/roles/firewall/templates/firewall.j2
@@ -397,6 +397,16 @@ config redirect
 	option dest_port '993'
 	option target 'DNAT'
 # Allow Munin traffic
 config rule
 	option name 'Allow-INPUT-Munin'
 	option src 'dmz'
 	option src_ip '{{ hostvars['munin.dmz.mateu.be']['ansible_default_ipv4']['address'] }}'
 	option proto 'tcp'
 	option dest_port '4949'
 	option target 'ACCEPT'
 	option family 'ipv4'
 ## Default configuration
 config defaults
 	option syn_flood '1'
--- a/roles/munin-client/handlers/main.yml
+++ b/roles/munin-client/handlers/main.yml
@@ -0,0 +1,4 @@
 - name: restart munin-node
  service:
      name: munin-node
      state: restarted
--- a/roles/munin-client/tasks/main.yml
+++ b/roles/munin-client/tasks/main.yml
@@ -0,0 +1,68 @@
 - set_fact:
    muninpkgs:
        - muninlite
    munin_need_reconfigure: False
  when: ansible_facts['distribution'] == "LEDE" or ansible_facts['distribution'] == "OpenWRT"
 - set_fact:
    muninpkgs:
        - munin-node
        - munin-plugins-core
        - munin-plugins-extra
    munin_need_reconfigure: True
  when: ansible_facts['distribution'] == "Debian"
 - name: install munin node packages
  package:
      name: "{{ item }}"
      state: present
  loop: "{{ muninpkgs }}"
 - name: munin-node conf file
  template:
      src: munin-node.conf.j2
      dest: /etc/munin/munin-node.conf
  notify:
      - restart munin-node
  when: munin_need_reconfigure
 - name: install LWP::UserAgent
  package:
      name: libwww-perl
      state: present
  notify:
      - restart munin-node
  when: "'webservers' in group_names"
 - name: reconfigure munin-node
  shell:
      cmd: munin-node-configure --shell | sh
  notify:
      - restart munin-node
  when: munin_need_reconfigure
 ## Useless junks for LXC
 - name: delete diskstats from LXC machines
  file:
      path: /etc/munin/plugins/diskstats
      state: absent
  notify:
      - restart munin-node
  when: ansible_facts['virtualization_type'] == "lxc"
 ## Useless junks for hypervisors
 - name: delete squid plugins
  shell:
      cmd: "rm -f /etc/munin/plugins/squid_*"
      warn: False
  notify:
      - restart munin-node
  when: "'hypervisors' in group_names"
 - name: delete lxc interfaces plugins
  shell:
      cmd: "rm -f /etc/munin/plugins/if_*veth* /etc/munin/plugins/if_*fw* /etc/munin/plugins/if_*vmbr*"
      warn: False
  notify:
      - restart munin-node
  when: "'hypervisors' in group_names"
--- a/roles/munin-client/templates/munin-node.conf.j2
+++ b/roles/munin-client/templates/munin-node.conf.j2
@@ -0,0 +1,64 @@
 #
 # Example config-file for munin-node
 #
 log_level 4
 log_file /var/log/munin/munin-node.log
 pid_file /var/run/munin/munin-node.pid
 background 1
 setsid 1
 user root
 group root
 # This is the timeout for the whole transaction.
 # Units are in sec. Default is 15 min
 #
 # global_timeout 900
 # This is the timeout for each plugin.
 # Units are in sec. Default is 1 min
 #
 # timeout 60
 # Regexps for files to ignore
 ignore_file [\#~]$
 ignore_file DEADJOE$
 ignore_file \.bak$
 ignore_file %$
 ignore_file \.dpkg-(tmp|new|old|dist)$
 ignore_file \.rpm(save|new)$
 ignore_file \.pod$
 # Set this if the client doesn't report the correct hostname when
 # telnetting to localhost, port 4949
 #
 host_name {{ inventory_hostname }}
 # A list of addresses that are allowed to connect.  This must be a
 # regular expression, since Net::Server does not understand CIDR-style
 # network notation unless the perl module Net::CIDR is installed.  You
 # may repeat the allow line as many times as you'd like
 allow ^{{ hostvars['munin.dmz.mateu.be']['ansible_default_ipv4']['address'].split('.')|join('\.') }}
 allow ^127\.0\.0\.1$
 allow ^::1$
 # If you have installed the Net::CIDR perl module, you can use one or more
 # cidr_allow and cidr_deny address/mask patterns.  A connecting client must
 # match any cidr_allow, and not match any cidr_deny.  Note that a netmask
 # *must* be provided, even if it's /32
 #
 # Example:
 #
 # cidr_allow 127.0.0.1/32
 # cidr_allow 192.0.2.0/24
 # cidr_deny  192.0.2.42/32
 # Which address to bind to;
 host *
 # host 127.0.0.1
 # And which port
 port 4949
--- a/roles/munin-server/tasks/main.yml
+++ b/roles/munin-server/tasks/main.yml
@@ -0,0 +1,10 @@
 - name: install munin packages
  package:
      name: munin
      state: present
 - name: munin conf file
  template:
      src: munin.conf.j2
      dest: /etc/munin/munin.conf
--- a/roles/munin-server/templates/munin.conf.j2
+++ b/roles/munin-server/templates/munin.conf.j2
@@ -0,0 +1,147 @@
 # Example configuration file for Munin, generated by 'make build'
 # The next three variables specifies where the location of the RRD
 # databases, the HTML output, logs and the lock/pid files.  They all
 # must be writable by the user running munin-cron.  They are all
 # defaulted to the values you see here.
 #
 #dbdir	/var/lib/munin
 #htmldir /var/cache/munin/www
 #logdir /var/log/munin
 #rundir  /var/run/munin
 # Where to look for the HTML templates
 #
 #tmpldir	/etc/munin/templates
 # Where to look for the static www files
 #
 #staticdir /etc/munin/static
 # temporary cgi files are here. note that it has to be writable by 
 # the cgi user (usually nobody or httpd).
 #
 # cgitmpdir /var/lib/munin/cgi-tmp
 # (Exactly one) directory to include all files from.
 includedir /etc/munin/munin-conf.d
 # You can choose the time reference for "DERIVE" like graphs, and show
 # "per minute", "per hour" values instead of the default "per second"
 #
 #graph_period second
 # Graphics files are generated either via cron or by a CGI process.
 # See http://munin-monitoring.org/wiki/CgiHowto2 for more
 # documentation.
 # Since 2.0, munin-graph has been rewritten to use the cgi code. 
 # It is single threaded *by design* now.
 #
 #graph_strategy cron
 # munin-cgi-graph is invoked by the web server up to very many times at the
 # same time.  This is not optimal since it results in high CPU and memory
 # consumption to the degree that the system can thrash.  Again the default is
 # 6.  Most likely the optimal number for max_cgi_graph_jobs is the same as
 # max_graph_jobs.
 #
 #munin_cgi_graph_jobs 6
 # If the automatic CGI url is wrong for your system override it here:
 #
 #cgiurl_graph /munin-cgi/munin-cgi-graph
 # max_size_x and max_size_y are the max size of images in pixel.
 # Default is 4000. Do not make it too large otherwise RRD might use all
 # RAM to generate the images.
 # 
 #max_size_x 4000
 #max_size_y 4000
 # HTML files are normally generated by munin-html, no matter if the
 # files are used or not. You can change this to on-demand generation
 # by following the instructions in http://munin-monitoring.org/wiki/CgiHowto2
 # 
 # Notes: 
 # - moving to CGI for HTML means you cannot have graph generated by cron.
 # - cgi html has some bugs, mostly you still have to launch munin-html by hand
 # 
 #html_strategy cron
 # munin-update runs in parallel.
 #
 # The default max number of processes is 16, and is probably ok for you.
 #
 # If set too high, it might hit some process/ram/filedesc limits.
 # If set too low, munin-update might take more than 5 min.
 #
 # If you want munin-update to not be parallel set it to 0.
 #
 #max_processes 16
 # RRD updates are per default, performed directly on the rrd files.
 # To reduce IO and enable the use of the rrdcached, uncomment it and set it to
 # the location of the socket that rrdcached uses.
 #
 #rrdcached_socket /var/run/rrdcached.sock
 # Drop somejuser@fnord.comm and anotheruser@blibb.comm an email everytime
 # something changes (OK -> WARNING, CRITICAL -> OK, etc)
 #contact.someuser.command mail -s "Munin notification" somejuser@fnord.comm
 #contact.anotheruser.command mail -s "Munin notification" anotheruser@blibb.comm
 #
 # For those with Nagios, the following might come in handy. In addition,
 # the services must be defined in the Nagios server as well.
 #contact.nagios.command /usr/bin/send_nsca nagios.host.comm -c /etc/nsca.conf
 # a simple host tree
 {% for host in groups['all'] | difference(groups['disabled_munin']) %}
 [{{ host }}]
 	address {{ hostvars[host]['ansible_default_ipv4']['address'] }}
 {% endfor %}
 #
 # A more complex example of a host tree
 #
 ## First our "normal" host.
 # [fii.foo.com]
 #       address foo
 #
 ## Then our other host...
 # [fay.foo.com]
 #       address fay
 #
 ## IPv6 host. note that the ip adress has to be in brackets
 # [ip6.foo.com]
 #       address [2001::1234:1]
 #
 ## Then we want totals...
 # [foo.com;Totals] #Force it into the "foo.com"-domain...
 #       update no   # Turn off data-fetching for this "host".
 #
 #   # The graph "load1". We want to see the loads of both machines...
 #   # "fii=fii.foo.com:load.load" means "label=machine:graph.field"
 #       load1.graph_title Loads side by side
 #       load1.graph_order fii=fii.foo.com:load.load fay=fay.foo.com:load.load
 #
 #   # The graph "load2". Now we want them stacked on top of each other.
 #       load2.graph_title Loads on top of each other
 #       load2.dummy_field.stack fii=fii.foo.com:load.load fay=fay.foo.com:load.load
 #       load2.dummy_field.draw AREA # We want area instead the default LINE2.
 #       load2.dummy_field.label dummy # This is needed. Silly, really.
 #
 #   # The graph "load3". Now we want them summarised into one field
 #       load3.graph_title Loads summarised
 #       load3.combined_loads.sum fii.foo.com:load.load fay.foo.com:load.load
 #       load3.combined_loads.label Combined loads # Must be set, as this is
 #                                                 # not a dummy field!
 #
 ## ...and on a side note, I want them listen in another order (default is
 ## alphabetically)
 #
 # # Since [foo.com] would be interpreted as a host in the domain "com", we
 # # specify that this is a domain by adding a semicolon.
 # [foo.com;]
 #       node_order Totals fii.foo.com fay.foo.com
 #
--- a/roles/nginx/templates/default.j2
+++ b/roles/nginx/templates/default.j2
@@ -6,6 +6,7 @@ server {
 		stub_status on;
 		access_log   off;
 		allow 127.0.0.1;
 		allow ::1;
 		deny all;
 	}
 }
--- a/roles/nginx/templates/vhosts/munin.mateu.be.conf.j2
+++ b/roles/nginx/templates/vhosts/munin.mateu.be.conf.j2
@@ -0,0 +1,7 @@
 server {
 {% include './header.conf.j2' %}
 	location / {
 		root /var/cache/munin/www;
 	}
 }
--- a/site.yml
+++ b/site.yml
@@ -16,3 +16,4 @@
 - import_playbook: bittorrent.yml
 - import_playbook: mumble.yml
 - import_playbook: icecast2.yml
 - import_playbook: munin.yml