configure munin-node in the common role

Signed-off-by: Mattia Rizzolo <mattia@debian.org>

configure munin-node in the common role
Signed-off-by: Mattia Rizzolo <mattia@debian.org>
63bf7923 · Mattia Rizzolo · c3d4c492 · 63bf7923 · 63bf7923 · 63bf7923
Commit 63bf7923 authored Mar 15, 2018 by Mattia Rizzolo
6 changed files
--- a/roles/common/handlers/main.yml
+++ b/roles/common/handlers/main.yml
@@ -5,12 +5,15 @@
    name: ssh
    state: restarted

+- name: common.restart-munin-node
+  service:
+    name: munin-node
+    state: restarted

 - name: common.reload-firewall
  service:
    name: firewall
    state: restarted

-
 - name: common.reload-systemd
  shell: systemctl daemon-reload
--- a/roles/common/tasks/munin.yml
+++ b/roles/common/tasks/munin.yml
+---
+
+- name: install the munin-node package
+  apt:
+    name: munin-node
+
+- name: install munin node config
+  template:
+    src: munin/munin-node.conf
+    dest: /etc/munin/munin-node.conf
+    owner: root
+    group: munin
+    mode: 0644
+  notify: common.restart-munin-node
+
+- name: install munin plugins config
+  template:
+    src: munin/plugins.conf
+    dest: /etc/munin/plugin-conf.d/munin-node
+    owner: root
+    group: root
+    mode: 0644
+  notify: common.restart-munin-node
+
+- name: let the plugin conf files be readable
+  file:
+    path: /etc/munin/plugin-conf.d
+    state: directory
+    mode: 0755
+
+- name: install the firewall rule
+  template:
+    src: munin/firewall.sh
+    dest: /etc/firewall/nginx.sh
+    mode: 0744
+  notify: common.reload-firewall
--- a/roles/common/templates/aliases
+++ b/roles/common/templates/aliases
+#
+# {{ ansible_managed }}
+#
+
+root: root@ubuntu-it.org
+
+# rfc2142:
+abuse: root
+noc: root
+security: root
+postmaster: root
+hostmaster: root
+webmaster: root
+www: root
+ftp: root
+info: root
+usenet: root
+news: root
--- a/roles/common/templates/munin/firewall.sh
+++ b/roles/common/templates/munin/firewall.sh
+#
+# {{ ansible_managed }}
+#
+
+command -A public_input_tcp -p tcp -s -178.62.47.107 -dport 4949 -j ACCEPT
--- a/roles/common/templates/munin/munin-node.conf
+++ b/roles/common/templates/munin/munin-node.conf
+#
+# {{ ansible_managed }}
+#
+
+log_level 4
+log_file /var/log/munin/munin-node.log
+pid_file /var/run/munin/munin-node.pid
+
+background 1
+setsid 1
+
+user root
+group root
+
+# This is the timeout for the whole transaction.
+# Units are in sec. Default is 15 min
+#
+# global_timeout 900
+
+# This is the timeout for each plugin.
+# Units are in sec. Default is 1 min
+#
+# timeout 60
+
+# Regexps for files to ignore
+ignore_file [\#~]$
+ignore_file DEADJOE$
+ignore_file \.bak$
+ignore_file %$
+ignore_file \.dpkg-(tmp|new|old|dist)$
+ignore_file \.rpm(save|new)$
+ignore_file \.pod$
+
+# Set this if the client doesn't report the correct hostname when
+# telnetting to localhost, port 4949
+#
+#host_name localhost.localdomain
+
+# A list of addresses that are allowed to connect.  This must be a
+# regular expression, since Net::Server does not understand CIDR-style
+# network notation unless the perl module Net::CIDR is installed.  You
+# may repeat the allow line as many times as you'd like
+
+allow ^127\.0\.0\.1$
+allow ^::1$
+allow ^178\.62\.47\.107$  # savidlin.m.o, aka munin.mapreri.org
+
+# If you have installed the Net::CIDR perl module, you can use one or more
+# cidr_allow and cidr_deny address/mask patterns.  A connecting client must
+# match any cidr_allow, and not match any cidr_deny.  Note that a netmask
+# *must* be provided, even if it's /32
+#
+# Example:
+#
+# cidr_allow 127.0.0.1/32
+# cidr_allow 192.0.2.0/24
+# cidr_deny  192.0.2.42/32
+
+# Which address to bind to;
+host *
+# host 127.0.0.1
+
+# And which port
+port 4949
--- a/roles/common/templates/munin/plugins.conf
+++ b/roles/common/templates/munin/plugins.conf
+#
+# {{ ansible_managed }}
+#
+# This file is used to configure how the plugins are invoked.
+# Place in /etc/munin/plugin-conf.d/ or corresponding directory.
+#
+# PLEASE NOTE: Changes in the plugin-conf.d directory are only
+# read at munin-node startup, so restart at any changes.
+#
+# user <user>         # Set the user to run the plugin as.
+# group <group>       # Set the group to run the plugin as.
+# command <command>   # Run <command> instead of the plugin. %c expands to
+#                       what would normally be run.
+# env.<variable> <value> # Sets <variable> in the plugin's environment, see the
+#                       individual plugins to find out which variables they
+#                       care about.
+
+
+[amavis]
+group adm
+env.MUNIN_MKTEMP /bin/mktemp -p /tmp/ $1
+env.amavislog /var/log/mail.info
+
+[apt]
+user root
+
+[courier_mta_mailqueue]
+group daemon
+
+[courier_mta_mailstats]
+group adm
+
+[courier_mta_mailvolume]
+group adm
+
+[cps*]
+user root
+
+[df*]
+env.warning 92
+env.critical 98
+
+[exim_mailqueue]
+group adm, (Debian-exim)
+
+[exim_mailstats]
+group adm, (Debian-exim)
+env.logdir /var/log/exim4/
+env.logname mainlog
+
+[fw_conntrack]
+user root
+
+[fw_forwarded_local]
+user root
+
+[hddtemp_smartctl]
+user root
+
+[hddtemp2]
+user root
+
+[if_*]
+user root
+
+[if_err_*]
+user nobody
+
+[ip_*]
+user root
+
+[ipmi_*]
+user root
+
+[mysql*]
+user root
+env.mysqlopts --defaults-file=/etc/mysql/debian.cnf
+env.mysqluser debian-sys-maint
+env.mysqlconnection DBI:mysql:mysql;mysql_read_default_file=/etc/mysql/debian.cnf
+
+[postfix_mailqueue]
+user postfix
+env.warning 50
+env.critical 100
+
+[postfix_mailstats]
+group adm
+
+[postfix_mailvolume]
+group adm
+env.logfile mail.log
+
+[sendmail_*]
+user smmta
+
+[smart_*]
+user root
+
+[vlan*]
+user root
+
+[ejabberd*]
+user ejabberd
+env.statuses available away chat xa
+env.days 1 7 30
+
+[dhcpd3]
+user root
+env.leasefile /var/lib/dhcp3/dhcpd.leases
+env.configfile /etc/dhcp3/dhcpd.conf
+
+[jmx_*]
+env.ip 127.0.0.1
+env.port 5400
+
+[samba]
+user root
+
+[munin_stats]
+user munin
+group munin
+
+[postgres_*]
+user postgres
+env.PGUSER postgres
+env.PGPORT 5432
+
+[fail2ban]
+user root
+
+[spamstats]
+group adm