munin (#116)
motd unit house plugins vereinheitlicht aufräumen user vereinheitlicht samba users aufgeräumt aussortiert apc pwr systemd plugin kvm plugins lvm plguin acng plugin munin user chrony fur alle gruppe playbook docker vars playbook firewall munin für alle Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: mg/ansible#116 Co-Authored-By: mg <mg@noreply.git.mgrote.net> Co-Committed-By: mg <mg@noreply.git.mgrote.net>
parent
44022ed0a8
commit
416c36f97c
|
@ -6,6 +6,11 @@
|
|||
protocol: tcp
|
||||
comment: 'ssh'
|
||||
from_ip: 192.168.2.0/24
|
||||
- rule: allow
|
||||
to_port: 4949
|
||||
protocol: tcp
|
||||
comment: 'munin'
|
||||
from_ip: 192.168.2.144/24
|
||||
- rule: allow
|
||||
to_port: 9999
|
||||
from_ip: 192.168.2.0/24
|
||||
|
@ -15,3 +20,19 @@
|
|||
acng_server_exthreshold: "60" #hebt Pakete 60 Tage auf
|
||||
acng_server_auth_user: acngadmin
|
||||
acng_server_auth_pass: "{{ lookup('keepass', 'acng_webinterface', 'password') }}"
|
||||
### geerlingguy.munin-node
|
||||
munin_node_plugins:
|
||||
- name: chrony
|
||||
- name: systemd_status
|
||||
- name: lvm_
|
||||
- name: acng
|
||||
munin_node_install_plugins: # in eigenes Repo gesichert
|
||||
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/chrony
|
||||
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/lvm_
|
||||
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/systemd_status
|
||||
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/acng
|
||||
munin_node_config: {
|
||||
"acng": {
|
||||
"env.logfile /var/log/apt-cacher-ng/apt-cacher.log"
|
||||
}
|
||||
}
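Review bot: The new munin rule's `from_ip: 192.168.2.144/24` names a host address but keeps a /24 prefix, so it matches the whole 192.168.2.0/24 network rather than only the munin server. If the intent is to let just the server reach port 4949, the line should read `from_ip: 192.168.2.144/32`. The same line is repeated in the munin rules added to the other host and group files in this commit, so the fix applies there as well. If the whole subnet is meant, writing `192.168.2.0/24` like the neighbouring ssh rule would say so plainly.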
|
||||
|
|
|
@ -5,6 +5,45 @@
|
|||
#----------------------------------------------------------------#
|
||||
# This file is managed with ansible! #
|
||||
#----------------------------------------------------------------#
|
||||
### geerlingguy.munin-node
|
||||
munin_node_bind_host: "0.0.0.0"
|
||||
munin_node_bind_port: "4949"
|
||||
munin_node_allowed_cidrs: [192.168.2.0/24]
|
||||
munin_node_remove_plugins:
|
||||
- name: meminfo # zu hohe last
|
||||
- name: hddtemp2 # ersetzt durch hddtemp_smartctl
|
||||
- name: squid_cache
|
||||
- name: squid_objectsize
|
||||
- name: squid_requests
|
||||
- name: squid_traffic
|
||||
- name: nfsd
|
||||
- name: samba
|
||||
- name: nfsd4
|
||||
- name: ntp # verursacht zu viele dns ptr request
|
||||
- name: cronjobs
|
||||
- name: hddtempd # ersetzt durch hddtemp_smartctl
|
||||
- name: ipmi_power # für pve2, leeres diagramm
|
||||
- name: fail2ban
|
||||
- name: fail2ban_
|
||||
- name: apcupsd_pct
|
||||
- name: kvm_io
|
||||
- name: kvm_cpu
|
||||
- name: docker_mem
|
||||
- name: docker_cpu
|
||||
munin_node_plugins:
|
||||
- name: chrony
|
||||
- name: systemd_status
|
||||
- name: lvm_
|
||||
munin_node_install_plugins: # in eigenes Repo gesichert
|
||||
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/chrony
|
||||
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/lvm_
|
||||
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/systemd_status
|
||||
munin_node_config: {
|
||||
"lvm_": {
|
||||
"user munin"
|
||||
}
|
||||
}
|
||||
|
||||
### mgrote.dotfiles
|
||||
dotfiles_repo_url: https://git.mgrote.net/mg/dotfiles
|
||||
dotfiles_repo_path: /home/mg/dotfiles
|
||||
|
@ -76,6 +115,11 @@
|
|||
protocol: tcp
|
||||
comment: 'ssh'
|
||||
from_ip: 192.168.2.0/24
|
||||
- rule: allow
|
||||
to_port: 4949
|
||||
protocol: tcp
|
||||
comment: 'munin'
|
||||
from_ip: 192.168.2.144/24
|
||||
ufw_default_incoming_policy: deny
|
||||
ufw_default_outgoing_policy: allow
|
||||
### ryandaniels.create_users
|
||||
|
@ -87,11 +131,20 @@
|
|||
use_sudo: yes
|
||||
use_sudo_nopass: yes
|
||||
user_state: present
|
||||
groups: ssh, sudo
|
||||
groups: ssh, sudo, docker
|
||||
servers:
|
||||
- production
|
||||
- test
|
||||
- laptop
|
||||
- username: munin
|
||||
password: "{{ lookup('keepass', 'munin_linux_password_hash', 'password') }}"
|
||||
update_password: always
|
||||
use_sudo: yes
|
||||
use_sudo_nopass: yes
|
||||
user_state: present
|
||||
groups: root, docker
|
||||
servers:
|
||||
- production
|
||||
- username: root
|
||||
password: "{{ lookup('keepass', 'root_linux_password_hash_proxmox', 'password') }}"
|
||||
update_password: on_create
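Review bot: The new `munin` entry in the users list gives the monitoring account `use_sudo: yes`, `use_sudo_nopass: yes` and `groups: root, docker`, which makes a service account that runs plugin code equivalent to root on every production host. Presumably this is there so plugins such as `lvm_` (configured in this file to run as `munin`) can call privileged tools. A narrower route is to leave the account unprivileged and set the user per plugin in `munin_node_config`, e.g. `"lvm_": { "user": "root" }`, or to grant sudo for only the specific commands needed. The key/value form also matches the `"env.host": "pve2.grote.lan"` entry used elsewhere on this page, whereas `{ "user munin" }` parses as a single key with a null value. `update_password: always` additionally rewrites the password hash on every run, where the neighbouring `root` entry uses `on_create`.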
|
||||
|
|
|
@ -1,15 +1,4 @@
|
|||
---
|
||||
### oefenweb.ufw
|
||||
ufw_rules:
|
||||
- rule: allow
|
||||
to_port: 22
|
||||
protocol: tcp
|
||||
comment: 'ssh'
|
||||
from_ip: 192.168.2.0/24
|
||||
- rule: allow
|
||||
to_port: 5000
|
||||
protocol: tcp
|
||||
comment: 'rss-feed-changedetection'
|
||||
### geerlingguy.docker
|
||||
docker_users:
|
||||
- mg
|
||||
|
@ -30,27 +19,3 @@
|
|||
/var/lib/docker/volumes/docker-photoprism_pp_smb_bilder***/**
|
||||
# https://github.com/restic/restic/issues/1005
|
||||
# https://forum.restic.net/t/exclude-syntax-confusion/1531/12
|
||||
### ryandaniels.create_users
|
||||
users:
|
||||
- username: mg
|
||||
password: "{{ lookup('keepass', 'mg_linux_password_hash', 'password') }}"
|
||||
update_password: on_create
|
||||
ssh_key: ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAp7z2WWUS626wY4laQJNGVYs5uOowrSOjd9RLsoPV5GWU46lsD+Q7CblqcBflvkzFiU16bzI0QZcQ9YP5M5LcYreCqCIq2HdeA4/hgIhlBGAzgp4mK8gZsEoCd2rs5888RA8T/oGnAoP0FXBegm2XmXTmt3826ZZUektCanSipMzrT3XUDZDnf1sTY60Fu8GK4hcRIFI7spM0u9upCYXVOrygBmoBQ5GlOyGEPyXs1Am/PERcVZFUPS0mGJ0COVCgEOaVvM8kEn5dK/QpmKqE8OMBsRdQ51pj9BMLNz/0IRnF6OxHDfEyLuqNPZuuBZc+/pULaZefCgjKGL1zXIFFlw== #generieren: ssh-keygen -o; für putty ändern https://www.oracle.com/webfolder/technetwork/tutorials/obe/cloud/ggcs/Change_private_key_format_for_Putty/Change_private_key_format_for_Putty.html#section2
|
||||
use_sudo: yes
|
||||
use_sudo_nopass: yes
|
||||
user_state: present
|
||||
groups: ssh, sudo, docker
|
||||
servers:
|
||||
- production
|
||||
- test
|
||||
- username: ansible-user
|
||||
password: "{{ lookup('keepass', 'ansible_user_linux_password_hash', 'password') }}"
|
||||
update_password: on_create
|
||||
ssh_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyqs0OE5RVqs6tIzyuGQWvq/OVDa/tfdSEqMIwcthFt+pwCCjpqtNc8L8FSXgphSwuNosFakqhMLDFD3pmII+t61NRExsoR3nGTDuCAQnTvTKXTEfhnunN3pwgXWVTI68j9pRzmSy+hMkSFbgN9EGMSXxGcNunY7ewS3ZkVe08SWFpiX9giYq6uiOiMHsZKdcP6s2QRXUhZlTx2cOc/9gJ5lD82EUXQRZzT6ww2xVrceIW9c3CZFmSmYWxvrR7dPcHrke90FPPd5WhU+Anz++6GsT6+OhZTk+uQnBHllFXn9NoFQIEUDO4zV+gFXITaAbTkLAcCwuKB2QcDZ6C2mhf ansible-generated on ansible-v2
|
||||
use_sudo: yes
|
||||
use_sudo_nopass: yes
|
||||
user_state: present
|
||||
groups: ssh, sudo
|
||||
servers:
|
||||
- production
|
||||
- test
|
||||
|
|
|
@ -12,3 +12,8 @@
|
|||
to_port: 80
|
||||
comment: 'dokuwiki-webserver'
|
||||
from_ip: 192.168.2.0/24
|
||||
- rule: allow
|
||||
to_port: 4949
|
||||
protocol: tcp
|
||||
comment: 'munin'
|
||||
from_ip: 192.168.2.144/24
|
||||
|
|
|
@ -110,3 +110,22 @@
|
|||
to_port: 139
|
||||
comment: 'smb'
|
||||
from_ip: 192.168.2.0/24
|
||||
- rule: allow
|
||||
to_port: 4949
|
||||
protocol: tcp
|
||||
comment: 'munin'
|
||||
from_ip: 192.168.2.144/24
|
||||
|
||||
### geerlingguy.munin-node
|
||||
munin_node_plugins:
|
||||
- name: chrony
|
||||
- name: systemd_status
|
||||
- name: lvm_
|
||||
- name: samba_locked
|
||||
- name: samba_users
|
||||
munin_node_install_plugins: # in eigenes Repo gesichert
|
||||
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/chrony
|
||||
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/lvm_
|
||||
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/systemd_status
|
||||
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/samba_locked
|
||||
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/samba_users
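Review bot: Each `remote_src` entry downloads a plugin from `raw/branch/master`, a reference that changes whenever the branch moves, so a later run can install code that differs from what was reviewed, and munin-node executes these files on the host. Pinning the URL to a commit keeps the installed plugin fixed, e.g. `https://git.mgrote.net/mg/munin-plugins/raw/commit/<COMMIT_SHA>/samba_users` with the real commit id in place of the placeholder. The same pattern is used in the `munin_node_install_plugins` lists of the other files touched by this commit.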
|
||||
|
|
|
@ -18,6 +18,11 @@
|
|||
protocol: tcp
|
||||
comment: 'gitea'
|
||||
from_ip: 192.168.2.0/24
|
||||
- rule: allow
|
||||
to_port: 4949
|
||||
protocol: tcp
|
||||
comment: 'munin'
|
||||
from_ip: 192.168.2.144/24
|
||||
### tmaurice.gitea
|
||||
gitea_version: "1.13.7"
|
||||
gitea_app_name: "Gitea"
|
||||
|
|
|
@ -18,6 +18,11 @@
|
|||
to_port: 8080
|
||||
comment: 'jenkins'
|
||||
from_ip: 192.168.2.0/24
|
||||
- rule: allow
|
||||
to_port: 4949
|
||||
protocol: tcp
|
||||
comment: 'munin'
|
||||
from_ip: 192.168.2.144/24
|
||||
### mgrote.restic
|
||||
restic_folders_to_backup: /usr/local /etc /root /home /var/lib/jenkins
|
||||
### geerlingguy.pip
|
||||
|
|
|
@ -10,6 +10,11 @@
|
|||
to_port: 123
|
||||
comment: 'ntp'
|
||||
from_ip: 192.168.2.0/24
|
||||
- rule: allow
|
||||
to_port: 4949
|
||||
protocol: tcp
|
||||
comment: 'munin'
|
||||
from_ip: 192.168.2.144/24
|
||||
### mgrote.ntp_chrony_server
|
||||
ntp_chrony_timezone: "Europe/Berlin" # Zeitzone in der sich der Computer befindet
|
||||
ntp_chrony_driftfile_directory: "/var/lib/chrony" # Ordner für das driftfile
|
||||
|
|
|
@ -10,6 +10,11 @@
|
|||
to_port: 80
|
||||
comment: 'pihole-webgui'
|
||||
from_ip: 192.168.2.0/24
|
||||
- rule: allow
|
||||
to_port: 4949
|
||||
protocol: tcp
|
||||
comment: 'munin'
|
||||
from_ip: 192.168.2.144/24
|
||||
- rule: allow
|
||||
to_port: 53
|
||||
comment: 'pihole-dns'
|
||||
|
|
|
@ -12,10 +12,10 @@
|
|||
### mgrote.apcupsd
|
||||
apcupsd_slave_polltime: 10 #in Sekunden
|
||||
### geerlingguy.munin-node
|
||||
munin_node_bind_host: "0.0.0.0"
|
||||
munin_node_bind_port: "4949"
|
||||
munin_node_allowed_cidrs: [192.168.2.0/24]
|
||||
munin_node_plugins:
|
||||
- name: chrony
|
||||
- name: systemd_status
|
||||
- name: lvm_
|
||||
- name: apc_nis
|
||||
- name: hddtemp_smartctl
|
||||
- name: zpool_iostat
|
||||
|
@ -23,7 +23,9 @@
|
|||
- name: zfs_arcstats
|
||||
- name: zfs_list
|
||||
- name: zpool_capacity
|
||||
- name: fail2ban_
|
||||
- name: kvm_mem
|
||||
- name: kvm_net
|
||||
- name: apcupsd_pwr
|
||||
munin_node_config: {
|
||||
"apc_nis": {
|
||||
"env.host": "pve2.grote.lan",
|
||||
|
@ -31,25 +33,17 @@
|
|||
}
|
||||
}
|
||||
munin_node_install_plugins: # in eigenes Repo gesichert
|
||||
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/chrony
|
||||
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/lvm_
|
||||
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/systemd_status
|
||||
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/zfs_arcstats
|
||||
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/zfsonlinux_stats_
|
||||
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/zpool_iostat
|
||||
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/zfs_list
|
||||
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/zpool_capacity
|
||||
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/fail2ban_
|
||||
munin_node_remove_plugins:
|
||||
- name: meminfo # zu hohe last
|
||||
- name: hddtemp2 # ersetzt durch hddtemp_smartctl
|
||||
- name: squid_cache
|
||||
- name: squid_objectsize
|
||||
- name: squid_requests
|
||||
- name: squid_traffic
|
||||
- name: nfsd
|
||||
- name: nfsd4
|
||||
- name: ntp # verursacht zu viele dns ptr request
|
||||
- name: cronjobs
|
||||
- name: hddtempd # ersetzt durch hddtemp_smartctl
|
||||
- name: ipmi_power # für pve2, leeres diagramm
|
||||
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/kvm_mem
|
||||
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/kvm_net
|
||||
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/apcupsd_pwr
|
||||
|
||||
# Ansible Variablen
|
||||
### sudo
|
||||
|
|
|
@ -0,0 +1,19 @@
|
|||
---
|
||||
### oefenweb.ufw
|
||||
ufw_rules:
|
||||
- rule: allow
|
||||
to_port: 22
|
||||
protocol: tcp
|
||||
comment: 'ssh'
|
||||
from_ip: 192.168.2.0/24
|
||||
- rule: allow
|
||||
to_port: 4949
|
||||
protocol: tcp
|
||||
comment: 'munin'
|
||||
from_ip: 192.168.0.0/16
|
||||
- rule: allow
|
||||
to_port: 5000
|
||||
protocol: tcp
|
||||
comment: 'rss-feed-changedetection'
|
||||
### geerlingguy.munin-node
|
||||
munin_node_allowed_cidrs: [192.168.0.0/16] # weil der munin-server aus einem anderen subnet zugreift
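Review bot: Port 4949 is opened to `192.168.0.0/16` both in the ufw rule and in `munin_node_allowed_cidrs`, which admits every host in that range although the comment says only the munin server needs access from another subnet. Naming the server alone would be tighter, e.g. `from_ip: 192.168.2.144/32` and `munin_node_allowed_cidrs: [192.168.2.144/32]`, assuming the server appears to this host under the address used in the other host files. The `to_port: 5000` rule in the same list has no `from_ip` at all and so is not restricted by source.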
|
BIN
keepass_db.kdbx
BIN
keepass_db.kdbx
Binary file not shown.
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
- hosts: proxmoxprod
|
||||
- hosts: production
|
||||
roles:
|
||||
- { role: geerlingguy.munin-node,
|
||||
become: true,
|
||||
|
|
|
@ -9,3 +9,7 @@
|
|||
systemd:
|
||||
name: sshd
|
||||
state: restarted
|
||||
|
||||
- name: systemctl_reset_failed
|
||||
become: yes
|
||||
ansible.builtin.shell: systemctl reset-failed
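Review bot: The `systemctl_reset_failed` handler runs a fixed command through `ansible.builtin.shell`, which brings in a shell it does not need. `ansible.builtin.command: systemctl reset-failed` does the same without shell parsing. The handler list starts outside this hunk.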
|
||||
|
|
|
@ -99,3 +99,6 @@
|
|||
path: '/etc/update-motd.d/10-wetter-mgrote'
|
||||
state: absent
|
||||
when: not motd_wetter_aktiv
|
||||
|
||||
- name: include systemctl tasks
|
||||
include_tasks: systemctl.yml
|
||||
|
|
|
@ -0,0 +1,32 @@
|
|||
---
|
||||
- name: stop units
|
||||
become: yes
|
||||
ansible.builtin.systemd:
|
||||
name: motd-news
|
||||
masked: yes
|
||||
state: stopped
|
||||
notify: systemctl_reset_failed
|
||||
register: scsstop
|
||||
ignore_errors: true
|
||||
|
||||
- name: disable units
|
||||
become: yes
|
||||
ansible.builtin.shell: systemctl disable motd-news
|
||||
when: scsstop.changed
|
||||
|
||||
- name: Remove files
|
||||
become: yes
|
||||
ansible.builtin.file:
|
||||
path:
|
||||
- rm /etc/systemd/system/motd-news
|
||||
- rm /usr/lib/systemd/system/motd-news
|
||||
state: absent
|
||||
|
||||
- name: force systemd to reread configs
|
||||
become: yes
|
||||
ansible.builtin.systemd:
|
||||
daemon_reload: yes
|
||||
when: scsstop.changed
|
||||
|
||||
|
||||
# https://superuser.com/questions/513159/how-to-remove-systemd-services
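Review bot: The `Remove files` task passes `path` a list whose entries begin with `rm `, so the values are not file paths, and `ansible.builtin.file` expects a single path per call; as written the unit files are presumably not removed. Use `path: "{{ item }}"` with a `loop:` over `/etc/systemd/system/motd-news` and `/usr/lib/systemd/system/motd-news`, probably with the real unit file names including their suffix. `ignore_errors: true` on `stop units` also hides a failed stop, and `disable units` could use `ansible.builtin.systemd` with `enabled: no` instead of the shell.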
|