diff --git a/group_vars/acng.yml b/group_vars/acng.yml
index de7839a7..921fa1a6 100644
--- a/group_vars/acng.yml
+++ b/group_vars/acng.yml
@@ -10,6 +10,11 @@
to_port: 9999
from_ip: 192.168.2.0/24
comment: 'acng'
+ - rule: allow
+ to_port: 4949
+ protocol: tcp
+ comment: 'munin-node'
+ from_ip: 192.168.2.0/24
### mgrote.acng
acng_server_port: 9999
acng_server_exthreshold: "60" #hebt Pakete 60 Tage auf
diff --git a/group_vars/all.yml b/group_vars/all.yml
index 59a5e253..e8b806e6 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -1,4 +1,8 @@
---
+ ### geerlingguy.munin-node
+ munin_node_bind_host: "0.0.0.0"
+ munin_node_bind_port: "4949"
+ munin_node_allowed_cidrs: [192.168.2.0/24]
### wird in vielen Rollen verwendet
empfaenger_mail: michael.grote@posteo.de
file_header: |
@@ -69,7 +73,7 @@
use_sudo: yes
use_sudo_nopass: yes
user_state: present
- groups: ssh, sudo
+ groups: ssh, sudo, docker
servers:
- production
- test
diff --git a/group_vars/docker.yml b/group_vars/docker.yml
index bef0521f..9e6b9300 100644
--- a/group_vars/docker.yml
+++ b/group_vars/docker.yml
@@ -6,15 +6,13 @@
protocol: tcp
comment: 'ssh'
from_ip: 192.168.2.0/24
- # Weitere Regeln sind nicht notwendig da Docker iptables selber verwaltet.
-# - rule: allow
-# comment: 'alles erlauben'
+ - rule: allow # hier fehlt das netz, da der munin master in einem docker container auf diesem host läüft der eine andere ip hat
+ to_port: 4949
+ protocol: tcp
+ comment: 'munin-node'
### geerlingguy.docker
docker_users:
- mg
- - root
- - ansible-user
- - git
### mgrote.restic
restic_folders_to_backup: /usr/local /etc /root /home /var/lib/docker
restic_cron_hours: "*"
@@ -29,3 +27,6 @@
/var/lib/docker/volumes/***musik***
# https://github.com/restic/restic/issues/1005
# https://forum.restic.net/t/exclude-syntax-confusion/1531/12
+ ### geerlingguy.munin-node
+ munin_node_remove_plugins:
+ - name: sensors
diff --git a/group_vars/dokuwiki.yml b/group_vars/dokuwiki.yml
index 732a47ab..c542658f 100644
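Review bot: The five-line `munin-node` ufw rule added here is repeated verbatim in dokuwiki.yml, fileserver.yml, gitea.yml, ntpserver.yml, pihole.yml and wireguard.yml, so a later change to the port or the permitted network has to be made in seven places. With the node now bound to `0.0.0.0` (all.yml), this rule's `from_ip: 192.168.2.0/24` is the outer filter and `munin_node_allowed_cidrs` the inner one, and the two are easiest to keep in sync if the rule is defined once, e.g. `munin_node_ufw_rule: {rule: allow, to_port: 4949, protocol: tcp, comment: 'munin-node', from_ip: 192.168.2.0/24}` in all.yml and referenced as `- "{{ munin_node_ufw_rule }}"` in each host's list. The enclosing rule list starts outside the hunk.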
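Review bot: `munin_node_bind_host: "0.0.0.0"` replaces the `"*"` previously set on the proxmox group and in the role default; `0.0.0.0` is IPv4 only, whereas `*` presumably also covers IPv6 on hosts that have it — if IPv4-only is intended, say so next to the value: `# IPv4 only; "*" would also bind IPv6`. The same key is also changed to `"0.0.0.0"` in roles/geerlingguy.munin-node/defaults/main.yml, so the vendored role now diverges from upstream for a value that group_vars/all.yml already sets; one of the two is redundant and the role default is the one more likely to be lost on the next role update. `munin_node_allowed_cidrs: [192.168.2.0/24]` is the node-side filter; the host firewalls restrict the same network via `from_ip`, except on the docker group (see the docker.yml hunk).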
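Review bot: `groups: ssh, sudo, docker` adds membership in the `docker` group, which is root-equivalent on every host that runs the daemon; with `use_sudo_nopass: yes` two lines above the user already has that privilege, so nothing new is granted, but the equivalence should be recorded beside the line: `# docker group membership is root-equivalent on docker hosts`. Since this is group_vars/all.yml the value applies to every host, and on hosts where no `docker` group exists the user task will presumably fail unless the role creates the group — verify, or move the entry to the docker group's vars. The enclosing user entry starts outside the hunk.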
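Review bot: The new `munin-node` rule carries no `from_ip`, so ufw opens tcp/4949 on every interface to every source, while every other group restricts it to `192.168.2.0/24`; the inline comment says the master is a container with a different address, which argues for narrowing to that address space instead of dropping the restriction, e.g. `interface: docker0` or `from_ip: <DOCKER_BRIDGE_CIDR>` (placeholder) on the rule. Note also that `munin_node_allowed_cidrs: [192.168.2.0/24]` from all.yml still applies to this group unless overridden, so the node itself would presumably reject the container's address and the firewall change alone does not solve the problem the comment describes — verify the connection. The inline comment also has a typo, `läüft` → `läuft`. The enclosing rule list starts outside the hunk.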
--- a/group_vars/dokuwiki.yml
+++ b/group_vars/dokuwiki.yml
@@ -12,3 +12,8 @@
to_port: 80
comment: 'dokuwiki-webserver'
from_ip: 192.168.2.0/24
+ - rule: allow
+ to_port: 4949
+ protocol: tcp
+ comment: 'munin-node'
+ from_ip: 192.168.2.0/24
diff --git a/group_vars/fileserver.yml b/group_vars/fileserver.yml
index a782ff2a..0c4e1f21 100644
--- a/group_vars/fileserver.yml
+++ b/group_vars/fileserver.yml
@@ -1,4 +1,7 @@
---
+ ### geerlingguy.munin-node
+ munin_node_remove_plugins:
+ - name: sensors
### mgrote.smb_fileserver
smb_users:
- name: 'annemariedroessler'
@@ -84,3 +87,8 @@
to_port: 139
comment: 'smb'
from_ip: 192.168.2.0/24
+ - rule: allow
+ to_port: 4949
+ protocol: tcp
+ comment: 'munin-node'
+ from_ip: 192.168.2.0/24
diff --git a/group_vars/gitea.yml b/group_vars/gitea.yml
index 9f4a4b98..55f438c9 100644
--- a/group_vars/gitea.yml
+++ b/group_vars/gitea.yml
@@ -18,6 +18,11 @@
protocol: tcp
comment: 'gitea'
from_ip: 192.168.2.0/24
+ - rule: allow
+ to_port: 4949
+ protocol: tcp
+ comment: 'munin-node'
+ from_ip: 192.168.2.0/24
### tmaurice.gitea
gitea_version: "1.13.4"
gitea_app_name: "Gitea"
diff --git a/group_vars/ntpserver.yml b/group_vars/ntpserver.yml
index 407e2713..2500131d 100644
--- a/group_vars/ntpserver.yml
+++ b/group_vars/ntpserver.yml
@@ -10,6 +10,11 @@
to_port: 123
comment: 'ntp'
from_ip: 192.168.2.0/24
+ - rule: allow
+ to_port: 4949
+ protocol: tcp
+ comment: 'munin-node'
+ from_ip: 192.168.2.0/24
### mgrote.ntp_chrony_server
ntp_chrony_timezone: "Europe/Berlin" # Zeitzone in der sich der Computer befindet
ntp_chrony_driftfile_directory: "/var/lib/chrony" # Ordner für das driftfile
diff --git a/group_vars/pihole.yml b/group_vars/pihole.yml
index d2b950e9..4f7f5eb5 100644
--- a/group_vars/pihole.yml
+++ b/group_vars/pihole.yml
@@ -19,3 +19,8 @@
- rule: allow
to_port: 68
comment: 'pihole-dhcp'
+ - rule: allow
+ to_port: 4949
+ protocol: tcp
+ comment: 'munin-node'
+ from_ip: 192.168.2.0/24
diff --git a/group_vars/proxmox.yml b/group_vars/proxmox.yml
index 25ea1724..c6be5765 100644
--- a/group_vars/proxmox.yml
+++ b/group_vars/proxmox.yml
@@ -18,9 +18,6 @@
### mgrote.apcupsd
apcupsd_slave_polltime: 10 #in Sekunden
### geerlingguy.munin-node
- munin_node_bind_host: "*"
- munin_node_bind_port: "4949"
- munin_node_allowed_cidrs: [192.168.2.0/24]
munin_node_plugins:
- name: apc_nis
- name: hddtemp_smartctl
diff --git a/group_vars/wireguard.yml b/group_vars/wireguard.yml
index 144b479a..eef869ae 100644
--- a/group_vars/wireguard.yml
+++ b/group_vars/wireguard.yml
@@ -16,4 +16,9 @@
comment: 'wireguard'
interface: ens18
protocol: udp
+ - rule: allow
+ to_port: 4949
+ protocol: tcp
+ comment: 'munin-node'
+ from_ip: 192.168.2.0/24
ufw_etc_default_default_forward_policy: ACCEPT
diff --git a/playbooks/base/7_monitoring.yml b/playbooks/base/7_monitoring.yml
index c84b814b..fda38ae9 100644
--- a/playbooks/base/7_monitoring.yml
+++ b/playbooks/base/7_monitoring.yml
@@ -4,8 +4,7 @@
- { role: geerlingguy.munin-node,
become: true,
tags: "munin",
- when: "'physical' in group_names" }
-
+ when: "not 'test' in group_names" }
### Die Host müssen auch beim Docker-Container: "munin-master eingetragen" werden.
### wird nur auf physischen Rechnern ausgeführt.
### Wenn ein Plugin nicht geht: munin-node-configure --shell --families=contrib,auto | sh -x
diff --git a/roles/geerlingguy.munin-node/defaults/main.yml b/roles/geerlingguy.munin-node/defaults/main.yml
index 358f9fac..ea7aedbf 100644
--- a/roles/geerlingguy.munin-node/defaults/main.yml
+++ b/roles/geerlingguy.munin-node/defaults/main.yml
@@ -1,5 +1,5 @@
---
-munin_node_bind_host: "*"
+munin_node_bind_host: "0.0.0.0"
munin_node_bind_port: "4949"
munin_node_host_name: ''
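Review bot: The role condition changes from `'physical' in group_names` to `not 'test' in group_names`, but the context comment two lines below, `### wird nur auf physischen Rechnern ausgeführt.`, still describes the old behaviour and now misleads; replace it with `### runs on every host except members of the test group.`. The idiomatic Jinja form of the new test is `when: "'test' not in group_names"`, which also avoids any doubt about the precedence of `not` over `in`. Widening the condition also puts munin-node on the docker group, whose ufw rule in docker.yml has no source restriction, so that hunk's note applies from this change on. The enclosing play starts outside the hunk.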