diff --git a/group_vars/all.yml b/group_vars/all.yml index aebbb7ec..9c733b30 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -213,8 +213,8 @@ munin_node_disabled_plugins: - squid_traffic # proxmox - timesync - docker_volumesize2 - - docker_multi + munin_node_plugins: - name: chrony src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/chrony/chrony diff --git a/group_vars/munin.yml b/group_vars/munin.yml index 55f2ccc9..5171956d 100644 --- a/group_vars/munin.yml +++ b/group_vars/munin.yml @@ -42,6 +42,11 @@ munin_node_bind_port: "4949" munin_node_allowed_cidrs: [127.0.0.1] ### mgrote_munin_master +munin_mail_user: munin@mgrote.net +munin_mail_server: "{{ postfix_smtp_server }}" +munin_mail_port: "{{ 1025 }}" +munin_mail_tls: false + munin_enable_alerts: true munin_alerts_to: info@mgrote.net munin_hosts: diff --git a/roles/mgrote_munin_server/defaults/main.yml b/roles/mgrote_munin_server/defaults/main.yml index 028c646e..a1148584 100644 --- a/roles/mgrote_munin_server/defaults/main.yml +++ b/roles/mgrote_munin_server/defaults/main.yml @@ -26,8 +26,15 @@ munin_server_plugins: munin_cron_job: present munin_dbdir: "/var/lib/munin" munin_enable_alerts: true -munin_alerts_to: nobody@nowhere.com munin_hosts: - name: "{{ ansible_fqdn }}" address: "127.0.0.1" extra: ["use_node_name yes"] + +munin_mail_user: user +munin_mail_pass: geheim +munin_mail_server: mail.server.com +munin_mail_port: 25 +munin_mail_tls: false + +munin_alerts_to: nobody@nowhere.com diff --git a/roles/mgrote_munin_server/tasks/mail.yml b/roles/mgrote_munin_server/tasks/mail.yml new file mode 100644 index 00000000..1f9de5d6 --- /dev/null +++ b/roles/mgrote_munin_server/tasks/mail.yml 
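Review bot: `munin_mail_tls: false` in the group_vars/munin.yml hunk turns transport encryption off for alert mail, and the role default added in roles/mgrote_munin_server/defaults/main.yml is also `false`, so nothing in this commit ever enables it. If `postfix_smtp_server` is not a loopback or otherwise trusted relay, alert contents (host names, failing services) cross the network in cleartext. A comment such as `# plain SMTP is acceptable only because the relay is on the internal network` would record that assumption, and the role default would be safer as `true`. Separately, `munin_mail_port: "{{ 1025 }}"` wraps a literal in a Jinja expression for no benefit; `munin_mail_port: 1025` renders the same in the template and is clearer.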
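Review bot: `munin_mail_pass: geheim` in roles/mgrote_munin_server/defaults/main.yml gives the role a working, guessable default password, so a host that never overrides it silently runs with the placeholder. The group_vars/munin.yml hunk in this commit sets user, server, port and TLS but no password. Prefer no default plus a check that fails early when the variable is unset, or at least a comment like `# placeholder only - override from an encrypted vault`. Neither `munin_mail_user` nor `munin_mail_pass` is referenced by the ssmtp.conf template added here, so both may be unused for now.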
@@ -0,0 +1,32 @@
+---
+- name: ensure packages are installed
+ become: true
+ ansible.builtin.package:
+ name: "{{ munin_packages }}"
+ state: present
+
+- name: Ensure needed dirs exists
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: directory
+ mode: '0755'
+ owner: munin
+ group: munin
+ loop: "{{ munin_dirs }}"
+
+- name: Ensure permissions are set
+ ansible.builtin.file:
+ path: /var/lib/munin/cgi-tmp
+ mode: 'ugo+rw'
+ state: directory
+ owner: munin
+ group: munin
+ recurse: true
+
+- name: Template apache config
+ ansible.builtin.template:
+ src: apache.conf
+ dest: /etc/apache2/sites-available/000-default.conf
+ notify: "restart apache2"
+
+...
diff --git a/roles/mgrote_munin_server/tasks/main.yml b/roles/mgrote_munin_server/tasks/main.yml
index 50cabf42..d1f3685f 100644
--- a/roles/mgrote_munin_server/tasks/main.yml
+++ b/roles/mgrote_munin_server/tasks/main.yml
@@ -72,4 +72,7 @@
 owner: munin
 group: munin
 when: not placeholder.stat.exists
+
+- name: Include alerting tasks
+ ansible.builtin.include_tasks: mail.yml
 ...
diff --git a/roles/mgrote_munin_server/templates/ssmtp.conf b/roles/mgrote_munin_server/templates/ssmtp.conf
new file mode 100644
index 00000000..ac8d7cb2
--- /dev/null
+++ b/roles/mgrote_munin_server/templates/ssmtp.conf
@@ -0,0 +1,14 @@
+# The user that gets all the mails (UID < 1000, usually the admin)
+root={{ munin_alerts_to }}
+
+# The mail server (where the mail is sent to), both port 465 or 587 should be acceptable
+# See also https://support.google.com/mail/answer/78799
+mailhub={{ munin_mail_server }}:{{ munin_mail_port }}
+
+# The full hostname. Must be correctly formed, fully qualified domain name or GMail will reject connection.
+hostname={{ munin_servername }}
+
+# Use implicit TLS (port 465). When using port 587, change UseSTARTTLS=Yes
+TLS_CA_FILE=/etc/ssl/certs/ca-certificates.crt
+UseTLS={{ munin_mail_tls }}
+UseSTARTTLS=No
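Review bot: None of the four tasks in the new tasks/mail.yml deploys the ssmtp.conf template that this commit adds, so as far as the visible hunks show, the mail settings are never written to the host. The tasks (packages, munin dirs, cgi-tmp permissions, Apache vhost) look like server setup rather than alerting and may duplicate main.yml, whose body is outside the hunk. The "Ensure permissions are set" task also applies `mode: 'ugo+rw'` with `recurse: true`, which makes everything under /var/lib/munin/cgi-tmp world-writable; if only the web server's CGI user needs access, group ownership plus `mode: 'ug+rwX,o-w'` would be narrower. A task along the lines below would install the template, with a restrictive mode in case credentials are added to it later. The destination and group are the usual ssmtp package defaults and should be confirmed for the target distribution.

```yaml
- name: Template ssmtp config
  become: true
  ansible.builtin.template:
    src: ssmtp.conf
    dest: /etc/ssmtp/ssmtp.conf  # package default path - confirm
    owner: root
    group: mail
    mode: '0640'
```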
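Review bot: The added `ansible.builtin.include_tasks: mail.yml` in tasks/main.yml runs unconditionally, although the role defaults already carry a `munin_enable_alerts` switch, so hosts with alerts disabled would still get the mail tasks. Adding `when: munin_enable_alerts | bool` to the include keeps that switch meaningful. The preceding task starts outside the hunk, so only its last three lines are visible here.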
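Review bot: `UseTLS={{ munin_mail_tls }}` renders the Ansible boolean as `True` or `False`, while ssmtp's options are documented as YES/NO, so setting `munin_mail_tls: true` may leave TLS off without any error. Render the value explicitly, e.g. `UseTLS={{ 'YES' if munin_mail_tls | bool else 'NO' }}`. Consider making `UseSTARTTLS` a variable as well, since the comment above it tells the operator to edit the template for port 587. `hostname={{ munin_servername }}` uses a variable that the defaults hunk in this commit does not define, and the template has no AuthUser/AuthPass lines, so `munin_mail_user` and `munin_mail_pass` have no effect here.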