mg/homeserver
1
0
Fork 0
Code Issues 1 Pull requests 3 Activity Actions

munin_node rewrite (#125)

Browse source 
readme

rolle geerlingguy weg

apc_nis

rolle

playbook

docker in gruppe

vars

disabled plugins

in eigenes Repo gesichert

munin_node_additional_plugins

default plugins weg

wip

remote_src --> src

defaults und conf

rolle neu

Co-authored-by: Michael Grote <michael.grote@posteo.de>
Reviewed-on: mg/ansible#125
Co-Authored-By: mg <mg@noreply.git.mgrote.net>
Co-Committed-By: mg <mg@noreply.git.mgrote.net>
This commit is contained in:
Michael Grote 2021-06-22 13:57:45 +02:00
parent 23d5579b56
commit 61d8396f43
18 changed files with 181 additions and 295 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
group_vars/acng.yml
View file

@ -21,16 +21,15 @@
acng_server_auth_user: acngadmin
acng_server_auth_pass: "{{ lookup('keepass', 'acng_webinterface', 'password') }}"
### geerlingguy.munin-node
munin_node_plugins:
munin_node_additional_plugins:
- name: chrony
- name: systemd_status
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/chrony
- name: lvm_
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/lvm_
- name: systemd_status
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/systemd_status
- name: acng
munin_node_install_plugins: # in eigenes Repo gesichert
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/chrony
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/lvm_
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/systemd_status
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/acng
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/acng
munin_node_config: {
"acng": {
"env.logfile /var/log/apt-cacher-ng/apt-cacher.log"

13
group_vars/all.yml
View file

@ -9,7 +9,7 @@
munin_node_bind_host: "0.0.0.0"
munin_node_bind_port: "4949"
munin_node_allowed_cidrs: [192.168.2.0/24]
munin_node_remove_plugins:
munin_node_disabled_plugins:
- name: meminfo # zu hohe last
- name: hddtemp2 # ersetzt durch hddtemp_smartctl
- name: squid_cache
@ -30,14 +30,13 @@
- name: kvm_cpu
- name: docker_mem
- name: docker_cpu
munin_node_plugins:
munin_node_additional_plugins:
- name: chrony
- name: systemd_status
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/chrony
- name: lvm_
munin_node_install_plugins: # in eigenes Repo gesichert
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/chrony
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/lvm_
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/systemd_status
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/lvm_
- name: systemd_status
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/systemd_status
munin_node_config: {
"lvm_": {
"user munin"

18
group_vars/docker.yml
View file

@ -19,3 +19,21 @@
/var/lib/docker/volumes/docker-photoprism_pp_smb_bilder***/**
# https://github.com/restic/restic/issues/1005
# https://forum.restic.net/t/exclude-syntax-confusion/1531/12
### oefenweb.ufw
ufw_rules:
- rule: allow
to_port: 22
protocol: tcp
comment: 'ssh'
from_ip: 192.168.2.0/24
- rule: allow
to_port: 4949
protocol: tcp
comment: 'munin'
from_ip: 192.168.0.0/16
- rule: allow
to_port: 5000
protocol: tcp
comment: 'rss-feed-changedetection'
### geerlingguy.munin-node
munin_node_allowed_cidrs: [192.168.0.0/16] # weil der munin-server aus einem anderen subnet zugreift

15
group_vars/fileserver.yml
View file

@ -117,17 +117,16 @@
from_ip: 192.168.2.144/24
### geerlingguy.munin-node
munin_node_plugins:
munin_node_additional_plugins:
- name: chrony
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/chrony
- name: systemd_status
- name: samba_locked
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/systemd_status
- name: samba_users
munin_node_install_plugins: # in eigenes Repo gesichert
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/chrony
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/systemd_status
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/samba_locked
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/samba_users
munin_node_remove_plugins:
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/samba_users
- name: samba_locked
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/samba_locked
munin_node_disabled_plugins:
- name: meminfo # zu hohe last
- name: hddtemp2 # ersetzt durch hddtemp_smartctl
- name: squid_cache

30
group_vars/proxmox.yml
View file

@ -12,28 +12,28 @@
### mgrote.apcupsd
apcupsd_slave_polltime: 10 #in Sekunden
### geerlingguy.munin-node
munin_node_plugins:
munin_node_additional_plugins:
- name: chrony
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/chrony
- name: lvm_
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/lvm_
- name: systemd_status
- name: hddtemp_smartctl
- name: zpool_iostat
- name: zfsonlinux_stats_
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/systemd_status
- name: zfs_arcstats
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/zfs_arcstats
- name: zfsonlinux_stats_
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/zfsonlinux_stats_
- name: zpool_iostat
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/zpool_iostat
- name: zfs_list
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/zfs_list
- name: zpool_capacity
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/zpool_capacity
- name: kvm_mem
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/kvm_mem
- name: kvm_net
munin_node_install_plugins: # in eigenes Repo gesichert
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/chrony
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/systemd_status
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/zfs_arcstats
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/zfsonlinux_stats_
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/zpool_iostat
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/zfs_list
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/zpool_capacity
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/kvm_mem
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/kvm_net
munin_node_remove_plugins:
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/kvm_net
munin_node_disabled_plugins:
- name: meminfo # zu hohe last
- name: hddtemp2 # ersetzt durch hddtemp_smartctl
- name: squid_cache

19
host_vars/docker.grote.lan.yml
View file

@ -1,19 +0,0 @@
---
### oefenweb.ufw
ufw_rules:
- rule: allow
to_port: 22
protocol: tcp
comment: 'ssh'
from_ip: 192.168.2.0/24
- rule: allow
to_port: 4949
protocol: tcp
comment: 'munin'
from_ip: 192.168.0.0/16
- rule: allow
to_port: 5000
protocol: tcp
comment: 'rss-feed-changedetection'
### geerlingguy.munin-node
munin_node_allowed_cidrs: [192.168.0.0/16] # weil der munin-server aus einem anderen subnet zugreift

46
host_vars/pve2.grote.lan.yml
View file

@ -249,36 +249,36 @@
### geerlingguy.munin-node
munin_node_plugins:
- name: chrony
- name: systemd_status
- name: apc_nis
- name: hddtemp_smartctl
- name: zpool_iostat
- name: zfsonlinux_stats_
- name: zfs_arcstats
- name: zfs_list
- name: zpool_capacity
- name: kvm_mem
- name: kvm_net
- name: apcupsd_pwr
munin_node_config: {
"apc_nis": {
"env.host": "pve2.grote.lan",
"env.port": "3551"
}
}
munin_node_install_plugins: # in eigenes Repo gesichert
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/chrony
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/systemd_status
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/zfs_arcstats
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/zfsonlinux_stats_
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/zpool_iostat
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/zfs_list
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/zpool_capacity
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/kvm_mem
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/kvm_net
- remote_src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/apcupsd_pwr
munin_node_remove_plugins:
munin_node_additional_plugins:
- name: chrony
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/chrony
- name: systemd_status
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/systemd_status
- name: zfs_arcstats
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/zfs_arcstats
- name: zfsonlinux_stats_
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/zfsonlinux_stats_
- name: zpool_iostat
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/zpool_iostat
- name: zfs_list
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/zfs_list
- name: zpool_capacity
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/zpool_capacity
- name: kvm_mem
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/kvm_mem
- name: kvm_net
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/kvm_net
- name: apcupsd_pwr
src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/apcupsd_pwr
- name: apc_nis # ist lokal vorhanden
munin_node_disabled_plugins:
- name: meminfo # zu hohe last
- name: hddtemp2 # ersetzt durch hddtemp_smartctl
- name: squid_cache

2
playbooks/base/monitoring.yml
View file

@ -1,7 +1,7 @@
---
- hosts: production
roles:
- { role: geerlingguy.munin-node,
- { role: mgrote.munin-node,
become: true,
tags: "munin"}
### Die Host müssen auch beim Docker-Container: "munin-master eingetragen" werden.

97
roles/geerlingguy.munin-node/README.md
View file

@ -1,97 +0,0 @@
# Ansible Role: Munin Node
[![CI](https://github.com/geerlingguy/ansible-role-munin-node/workflows/CI/badge.svg?event=push)](https://github.com/geerlingguy/ansible-role-munin-node/actions?query=workflow%3ACI)
Installs munin-node, a monitoring system endpoint, on RedHat/CentOS or Debian/Ubuntu Linux servers.
## Requirements
If using RedHat/CentOS, make sure you have the EPEL repository installed prior to using this role (you can install it using the [`geerlingguy.repo-epel`](https://galaxy.ansible.com/list#/roles/436) role).
## Role Variables
Available variables are listed below, along with default values:
munin_node_bind_host: "*"
munin_node_bind_port: "4949"
The host and port to which munin-node will bind. Common host options are `127.0.0.1` (localhost), or `*` (bind to all IP addresses). `4949` is the default Munin port.
munin_node_host_name: ''
Set this explicitly if the munin master doesn't report the correct hostname when telnetting in to munin-node. In most cases, the default should work fine.
munin_node_allowed_ips:
- '^127\.0\.0\.1$'
- '^::1$'
A list of IP addresses formatted as a python-style regular expression. Must use single quotes to allow the proper regex escaping to pass through to the configuration file. Hosts with these IP addresses will be allowed to connect to the server and get detailed system stats via munin-node.
munin_node_allowed_cidrs: []
A list of IP networks in CIDR format, for instance `10.0.0.0/8`. Hosts with an IP address in one of these networks will be allowed to connect to the server and get detailed system stats via munin-node.
munin_node_denied_cidrs: []
A list of IP networks in CIDR format, for instance `10.42.0.0/16`. Hosts with an IP address in one of these networks will be denied access to the server. This takes precedence over `munin_node_allowed_cidrs`: an IP address that matches both a network in `munin_node_allowed_cidrs` and a network in `munin_node_denied_cidrs` will be denied access.
### Munin Plugin Configuration
You can enable plugins using the `munin_node_plugins` list, like so:
munin_node_plugins:
- name: uptime
If the name of the resulting plugin does not match the name of the munin plugin from which it is generated (as is the case, say, with the `if_` plugin), you need to add a `plugin` field to the list item, like so:
munin_node_plugins:
- name: if_eth0
plugin: if_
#### Plugin settings
If you need to add plugin configuration for plugins you've added via `munin_node_plugins`, you can do so with a simple hashmap that has the plugin name (which will be the `[plugin]` section in the resulting configuration file), and a list of variable names and values. For example:
munin_node_config: {
"ps_test": {
"env.regex": "bash",
"env.name": "bash"
}
}
This configuration will generate a configuration file at `/etc/munin/plugin-conf.d/ansible.conf` with the following contents:
[ps_test]
env.regex bash
env.name bash
#### Install external plugins
You can install external plugins via `munin_node_install_plugins`.
Those plugins can be copied from local files or downloaded. For example:
munin_node_install_plugins: []
- src: files/munin/redis_
- remote_src: https://raw.githubusercontent.com/ohitz/phpfpm-multi-munin-plugin/master/phpfpm-multi
## Dependencies
None.
## Example Playbook
- hosts: servers
roles:
- { role: geerlingguy.munin-node }
## License
MIT / BSD
## Author Information
This role was created in 2014 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/).
Munin plugin configuration was added by Rafał Trójniak <ansible-galaxy@trojniak.net>.

47
roles/geerlingguy.munin-node/defaults/main.yml
View file

@ -1,47 +0,0 @@
---
munin_node_bind_host: "0.0.0.0"
munin_node_bind_port: "4949"
munin_node_host_name: ''
# Munin requires IPs be added as regular expressions.
munin_node_allowed_ips:
- '^127\.0\.0\.1$'
- '^::1$'
munin_node_allowed_cidrs: []
munin_node_denied_cidrs: []
# Source and destination of munin plugins.
munin_plugin_src_path: /usr/share/munin/plugins/
munin_plugin_dest_path: /etc/munin/plugins/
# List of munin plugins to enable.
munin_node_plugins: []
# - name: uptime
# - name: if_eth0
# plugin: if_
# - name: ps_test
# plugin: ps_
# List of munin plugins to install.
munin_node_install_plugins: []
# - src: files/munin/redis_
# - remote_src: https://raw.githubusercontent.com/ohitz/phpfpm-multi-munin-plugin/master/phpfpm-multi
# Plugin configuration options (the key is the plugin heading, items within will
# be options for the plugin).
munin_node_config: {
# "ps_test": {
# "env.regex": "bash",
# "env.name": "bash"
# }
}
munin_node_remove_plugins:
- name: meminfo
munin_node_log: /var/log/munin/munin-node.log
munin_node_pid: /var/run/munin/munin-node.pid

3
roles/geerlingguy.munin-node/meta/main.yml
View file

@ -1,3 +0,0 @@
---
dependencies:
- role: mgrote.apt_install_packages

63
roles/geerlingguy.munin-node/tasks/main.yml
View file

@ -1,63 +0,0 @@
---
- name: Ensure munin-node is installed (Debian).
apt:
name: munin-node
state: present
when: ansible_os_family == 'Debian'
- name: Copy munin-node configuration.
template:
src: munin-node.conf.j2
dest: /etc/munin/munin-node.conf
owner: root
group: root
mode: 0644
notify: restart munin-node
- name: Generate plugin configuration.
template:
src: plugin-conf.j2
dest: /etc/munin/plugin-conf.d/ansible.conf
owner: root
group: root
mode: 0644
notify: restart munin-node
- name: Install extra plugins.
copy:
src: "{{ item.src }}"
dest: "{{ munin_plugin_src_path }}{{ item.src | basename }}"
mode: '0755'
with_items: "{{ munin_node_install_plugins }}"
when: item.src is defined
notify: restart munin-node
- name: Install extra remote plugins.
get_url:
url: "{{ item.remote_src }}"
dest: "{{ munin_plugin_src_path }}{{ item.remote_src | basename }}"
mode: '0755'
with_items: "{{ munin_node_install_plugins }}"
when: item.remote_src is defined
notify: restart munin-node
- name: Enable additional plugins.
file: # noqa 208
path: "{{ munin_plugin_dest_path }}{{ item.name }}"
src: "{{ munin_plugin_src_path }}{{ item.plugin | default( item.name ) }}"
state: link
with_items: "{{ munin_node_plugins }}"
notify: restart munin-node
- name: remove unwanted plugins
file: # noqa 208
path: "{{ munin_plugin_dest_path }}{{ item.name }}"
state: absent
with_items: "{{ munin_node_remove_plugins }}"
notify: restart munin-node
- name: Ensure munin-node is running.
service:
name: munin-node
state: started
enabled: yes

34
roles/mgrote.munin-node/defaults/main.yml Normal file
View file

@ -0,0 +1,34 @@
---
munin_node_log: /var/log/munin/munin-node.log
munin_node_pid: /var/run/munin/munin-node.pid
munin_node_plugin_timeout: 60 # in sec
munin_node_global_timeout: 900 # in sec
munin_node_host_name: '' # Set this if the client doesn't report the correct hostname
munin_node_allowed_ips: # A list of addresses that are allowed to connect Munin requires IPs be added as regular expressions.
- '^127\.0\.0\.1$'
- '^::1$'
munin_node_allowed_cidrs: [192.168.2.0/24] # A list of addresses that are allowed to connect
munin_node_denied_cidrs: [] # a list of addresses that are not allowed to connect
munin_node_bind_host: "0.0.0.0" # bind to interface
munin_node_bind_port: "4949" # bind to port
# Plugin configuration options (the key is the plugin heading, items within will
# be options for the plugin).
munin_node_config: {
# "ps_test": {
# "env.regex": "bash",
# "env.name": "bash"
# }
}
# Source and destination of munin plugins.
munin_plugin_src_path: /usr/share/munin/plugins/
munin_plugin_dest_path: /etc/munin/plugins/
munin_node_additional_plugins: # must be a textfile
# - name: chrony
# src: https://git.mgrote.net/mg/munin-plugins/raw/branch/master/chrony
# oder
# - name: apc_nis # wenn das plugin schon lokal vorhanden ist
munin_node_disabled_plugins:
# - name: meminfo # zu hohe last
#aufräum task der plguins einmal leer macht(beide src und dest)

2
roles/geerlingguy.munin-node/handlers/main.yml → roles/mgrote.munin-node/handlers/main.yml
View file

@ -1,5 +1,5 @@
---
- name: restart munin-node
service:
name: munin-node
name: munin-node
state: restarted

12
roles/mgrote.munin-node/readme.md Normal file
View file

@ -0,0 +1,12 @@
## mgrote.munin-node
### Beschreibung
Installiert munin-node + Plugins.
### Funktioniert auf
- [x] Ubuntu (>=18.04)
- [ ] Debian
- [x] ProxMox 6.1
### Variablen + Defaults
see [defaults](./defaults/main.yml)

55
roles/mgrote.munin-node/tasks/main.yml Normal file
View file

@ -0,0 +1,55 @@
---
- name: install packages
apt:
name: munin-node
state: present
register: install
- name: Copy munin-node configuration.
template:
src: munin-node.conf.j2
dest: /etc/munin/munin-node.conf
owner: root
group: root
mode: 0644
notify: restart munin-node
- name: Generate plugin configuration.
template:
src: plugin-conf.j2
dest: /etc/munin/plugin-conf.d/ansible.conf
owner: root
group: root
mode: 0644
notify: restart munin-node
- name: Install additional plugins.
get_url:
url: "{{ item.src }}"
dest: "{{ munin_plugin_src_path }}{{ item.name }}"
mode: '0755'
loop: "{{ munin_node_additional_plugins }}"
when: (item.src is defined) and (item.name is defined)
- name: Enable additional plugins.
file:
src: "{{ munin_plugin_src_path }}{{ item.name }}"
dest: "{{ munin_plugin_dest_path }}{{ item.name }}"
state: link
loop: "{{ munin_node_additional_plugins }}"
notify: restart munin-node
when: item.name is defined
- name: disable unwanted plugins
file:
path: "{{ munin_plugin_dest_path }}{{ item.name }}"
state: absent
loop: "{{ munin_node_disabled_plugins }}"
notify: restart munin-node
when: item.name is defined
- name: Ensure munin-node is running.
service:
name: munin-node
state: started
enabled: yes

7
roles/geerlingguy.munin-node/templates/munin-node.conf.j2 → roles/mgrote.munin-node/templates/munin-node.conf.j2
View file

@ -1,5 +1,4 @@
#
# Example config-file for munin-node
{{ file_header | default () }}
#
log_level 4
@ -14,11 +13,11 @@ group root
# This is the timeout for the whole transaction.
# Units are in sec. Default is 15 min
# global_timeout 900
global_timeout {{ munin_node_global_timeout }}
# This is the timeout for each plugin.
# Units are in sec. Default is 1 min
# timeout 60
timeout {{ munin_node_plugin_timeout }}
# Regexps for files to ignore
ignore_file [\#~]$

0
roles/geerlingguy.munin-node/templates/plugin-conf.j2 → roles/mgrote.munin-node/templates/plugin-conf.j2
View file