From 92a7944e00f922379053d190db51c97681a72737 Mon Sep 17 00:00:00 2001 From: Michael Grote Date: Mon, 12 Aug 2024 16:25:14 +0200 Subject: [PATCH] fgf --- group_vars/all.yml | 2 +- group_vars/munin.yml | 5 +++ roles/mgrote_munin_server/defaults/main.yml | 9 +++++- roles/mgrote_munin_server/tasks/mail.yml | 32 +++++++++++++++++++ roles/mgrote_munin_server/tasks/main.yml | 3 ++ .../mgrote_munin_server/templates/ssmtp.conf | 14 ++++++++ 6 files changed, 63 insertions(+), 2 deletions(-) create mode 100644 roles/mgrote_munin_server/tasks/mail.yml create mode 100644 roles/mgrote_munin_server/templates/ssmtp.conf diff --git a/group_vars/all.yml b/group_vars/all.yml index aebbb7ec..9c733b30 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -213,8 +213,8 @@ munin_node_disabled_plugins: - squid_traffic # proxmox - timesync - docker_volumesize2 - - docker_multi + munin_node_plugins: - name: chrony src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/chrony/chrony diff --git a/group_vars/munin.yml b/group_vars/munin.yml index 55f2ccc9..5171956d 100644 --- a/group_vars/munin.yml +++ b/group_vars/munin.yml @@ -42,6 +42,11 @@ munin_node_bind_port: "4949" munin_node_allowed_cidrs: [127.0.0.1] ### mgrote_munin_master +munin_mail_user: munin@mgrote.net +munin_mail_server: "{{ postfix_smtp_server }}" +munin_mail_port: "{{ 1025 }}" +munin_mail_tls: false + munin_enable_alerts: true munin_alerts_to: info@mgrote.net munin_hosts: diff --git a/roles/mgrote_munin_server/defaults/main.yml b/roles/mgrote_munin_server/defaults/main.yml index 028c646e..a1148584 100644 --- a/roles/mgrote_munin_server/defaults/main.yml +++ b/roles/mgrote_munin_server/defaults/main.yml @@ -26,8 +26,15 @@ munin_server_plugins: munin_cron_job: present munin_dbdir: "/var/lib/munin" munin_enable_alerts: true -munin_alerts_to: nobody@nowhere.com munin_hosts: - name: "{{ ansible_fqdn }}" address: "127.0.0.1" extra: ["use_node_name yes"] + +munin_mail_user: user +munin_mail_pass: geheim +munin_mail_server: mail.server.com +munin_mail_port: 25 +munin_mail_tls: false + +munin_alerts_to: nobody@nowhere.com diff --git a/roles/mgrote_munin_server/tasks/mail.yml b/roles/mgrote_munin_server/tasks/mail.yml new file mode 100644 index 00000000..1f9de5d6 --- /dev/null +++ b/roles/mgrote_munin_server/tasks/mail.yml @@ -0,0 +1,32 @@ +--- +- name: ensure packages are installed + become: true + ansible.builtin.package: + name: "{{ munin_packages }}" + state: present + +- name: Ensure needed dirs exists + ansible.builtin.file: + path: "{{ item }}" + state: directory + mode: '0755' + owner: munin + group: munin + loop: "{{ munin_dirs }}" + +- name: Ensure permissions are set + ansible.builtin.file: + path: /var/lib/munin/cgi-tmp + mode: 'ugo+rw' + state: directory + owner: munin + group: munin + recurse: true + +- name: Template apache config + ansible.builtin.template: + src: apache.conf + dest: /etc/apache2/sites-available/000-default.conf + notify: "restart apache2" + +... diff --git a/roles/mgrote_munin_server/tasks/main.yml b/roles/mgrote_munin_server/tasks/main.yml index 50cabf42..d1f3685f 100644 --- a/roles/mgrote_munin_server/tasks/main.yml +++ b/roles/mgrote_munin_server/tasks/main.yml @@ -72,4 +72,7 @@ owner: munin group: munin when: not placeholder.stat.exists + +- name: Include alerting tasks + ansible.builtin.include_tasks: mail.yml ... diff --git a/roles/mgrote_munin_server/templates/ssmtp.conf b/roles/mgrote_munin_server/templates/ssmtp.conf new file mode 100644 index 00000000..ac8d7cb2 --- /dev/null +++ b/roles/mgrote_munin_server/templates/ssmtp.conf @@ -0,0 +1,14 @@ +# The user that gets all the mails (UID < 1000, usually the admin) +root={{ munin_alerts_to }} + +# The mail server (where the mail is sent to), both port 465 or 587 should be acceptable +# See also https://support.google.com/mail/answer/78799 +mailhub={{ munin_mail_server }}:{{ munin_mail_port }} + +# The full hostname. Must be correctly formed, fully qualified domain name or GMail will reject connection. +hostname={{ munin_servername }} + +# Use implicit TLS (port 465). When using port 587, change UseSTARTTLS=Yes +TLS_CA_FILE=/etc/ssl/certs/ca-certificates.crt +UseTLS={{ munin_mail_tls }} +UseSTARTTLS=No