From d695a964e7b90e9792ae54257978caeec2e8febe Mon Sep 17 00:00:00 2001
From: Someone
Date: Fri, 4 Oct 2024 13:42:40 +0200
Subject: [PATCH] [roles/service/munin-server] munin server setup
---
roles/service/munin-server/defaults/main.yml | 10 ++
.../munin-server/files/default/id_ed25519 | 1 +
.../munin-server/files/default/munin.conf | 162 ++++++++++++++++++
roles/service/munin-server/tasks/main.yml | 78 +++++++++
.../vars/default/vars_nginx_vhost_custom.yml | 24 +++
5 files changed, 275 insertions(+)
create mode 100644 roles/service/munin-server/defaults/main.yml
create mode 100644 roles/service/munin-server/files/default/id_ed25519
create mode 100644 roles/service/munin-server/files/default/munin.conf
create mode 100644 roles/service/munin-server/tasks/main.yml
create mode 100644 roles/service/munin-server/vars/default/vars_nginx_vhost_custom.yml
diff --git a/roles/service/munin-server/defaults/main.yml b/roles/service/munin-server/defaults/main.yml
new file mode 100644
index 0000000..b5b335c
--- /dev/null
+++ b/roles/service/munin-server/defaults/main.yml
@@ -0,0 +1,10 @@
+#####################################
+### someone's ansible provisioner ###
+#####################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2024 by someone
+#
+# If not overridden in inventory or as a parameter, this is the value that will be used
+#
+---
+#munin_server_private:
diff --git a/roles/service/munin-server/files/default/id_ed25519 b/roles/service/munin-server/files/default/id_ed25519
new file mode 100644
index 0000000..a3593ed
--- /dev/null
+++ b/roles/service/munin-server/files/default/id_ed25519
@@ -0,0 +1 @@
+# OVERRIDE PRIVATE KEY
diff --git a/roles/service/munin-server/files/default/munin.conf b/roles/service/munin-server/files/default/munin.conf
new file mode 100644
index 0000000..aa62550
--- /dev/null
+++ b/roles/service/munin-server/files/default/munin.conf
@@ -0,0 +1,162 @@
+#
+################################################
+### Managed by someone's ansible provisioner ###
+################################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2024 by someone
+#
+
+# The next three variables specifies where the location of the RRD
+# databases, the HTML output, logs and the lock/pid files. They all
+# must be writable by the user running munin-cron. They are all
+# defaulted to the values you see here.
+#
+#dbdir /var/lib/munin
+#htmldir /var/cache/munin/www
+#logdir /var/log/munin
+#rundir /var/run/munin
+
+# Where to look for the HTML templates
+#
+#tmpldir /etc/munin/templates
+
+# Where to look for the static www files
+#
+#staticdir /etc/munin/static
+
+# temporary cgi files are here. note that it has to be writable by
+# the cgi user (usually nobody or httpd).
+#
+# cgitmpdir /var/lib/munin/cgi-tmp
+
+# (Exactly one) directory to include all files from.
+includedir /etc/munin/munin-conf.d
+
+# You can choose the time reference for "DERIVE" like graphs, and show
+# "per minute", "per hour" values instead of the default "per second"
+#
+#graph_period second
+
+# Graphics files are generated either via cron or by a CGI process.
+# See http://munin-monitoring.org/wiki/CgiHowto2 for more
+# documentation.
+# Since 2.0, munin-graph has been rewritten to use the cgi code.
+# It is single threaded *by design* now.
+#
+#graph_strategy cron
+
+# munin-cgi-graph is invoked by the web server up to very many times at the
+# same time. This is not optimal since it results in high CPU and memory
+# consumption to the degree that the system can thrash. Again the default is
+# 6. Most likely the optimal number for max_cgi_graph_jobs is the same as
+# max_graph_jobs.
+#
+#munin_cgi_graph_jobs 6
+
+# If the automatic CGI url is wrong for your system override it here:
+#
+#cgiurl_graph /munin-cgi/munin-cgi-graph
+
+# max_size_x and max_size_y are the max size of images in pixel.
+# Default is 4000. Do not make it too large otherwise RRD might use all
+# RAM to generate the images.
+#
+#max_size_x 4000
+#max_size_y 4000
+
+# HTML files are normally generated by munin-html, no matter if the
+# files are used or not. You can change this to on-demand generation
+# by following the instructions in http://munin-monitoring.org/wiki/CgiHowto2
+#
+# Notes:
+# - moving to CGI for HTML means you cannot have graph generated by cron.
+# - cgi html has some bugs, mostly you still have to launch munin-html by hand
+#
+#html_strategy cron
+
+# munin-update runs in parallel.
+#
+# The default max number of processes is 16, and is probably ok for you.
+#
+# If set too high, it might hit some process/ram/filedesc limits.
+# If set too low, munin-update might take more than 5 min.
+#
+# If you want munin-update to not be parallel set it to 0.
+#
+#max_processes 16
+
+# RRD updates are per default, performed directly on the rrd files.
+# To reduce IO and enable the use of the rrdcached, uncomment it and set it to
+# the location of the socket that rrdcached uses.
+#
+#rrdcached_socket /var/run/rrdcached.sock
+
+# Drop somejuser@fnord.comm and anotheruser@blibb.comm an email everytime
+# something changes (OK -> WARNING, CRITICAL -> OK, etc)
+#contact.someuser.command mail -s "Munin ${var:worst}: ${var:group}::${var:host}::${var:plugin}" somejuser@fnord.comm
+#contact.anotheruser.command mail -s "Munin ${var:worst}: ${var:group}::${var:host}::${var:plugin}" anotheruser@blibb.comm
+#
+# For those with Nagios, the following might come in handy. In addition,
+# the services must be defined in the Nagios server as well.
+#contact.nagios.command /usr/bin/send_nsca nagios.host.comm -c /etc/nsca.conf
+
+# The maximum time the munin-update may take to get updates from all nodes,
+# this might be interesting when using munin-async in case of large transactions and/or backlog.
+# When using the munin protocol to connect to a node, then this value shouldn't be set higher than 240.
+# In case it's higher, gaps might be seen in the graphs.
+timeout_fetch_all_nodes 240
+
+# The maximum amount of time in seconds we may work on 1 node.
+# The value will be limited with timeout_fetch_all_nodes.
+timeout_fetch_one_node 180
+
+# a simple host tree
+[localhost]
+ address ssh://munin-async@127.0.0.1:2/
+ use_node_name yes
+ fail2ban.graph_category fail2ban
+
+#
+# A more complex example of a host tree
+#
+## First our "normal" host.
+# [fii.foo.com]
+# address foo
+#
+## Then our other host...
+# [fay.foo.com]
+# address fay
+#
+## IPv6 host. note that the ip adress has to be in brackets
+# [ip6.foo.com]
+# address [2001::1234:1]
+#
+## Then we want totals...
+# [foo.com;Totals] #Force it into the "foo.com"-domain...
+# update no # Turn off data-fetching for this "host".
+#
+# # The graph "load1". We want to see the loads of both machines...
+# # "fii=fii.foo.com:load.load" means "label=machine:graph.field"
+# load1.graph_title Loads side by side
+# load1.graph_order fii=fii.foo.com:load.load fay=fay.foo.com:load.load
+#
+# # The graph "load2". Now we want them stacked on top of each other.
+# load2.graph_title Loads on top of each other
+# load2.dummy_field.stack fii=fii.foo.com:load.load fay=fay.foo.com:load.load
+# load2.dummy_field.draw AREA # We want area instead the default LINE2.
+# load2.dummy_field.label dummy # This is needed. Silly, really.
+#
+# # The graph "load3". Now we want them summarised into one field
+# load3.graph_title Loads summarised
+# load3.combined_loads.sum fii.foo.com:load.load fay.foo.com:load.load
+# load3.combined_loads.label Combined loads # Must be set, as this is
+# # not a dummy field!
+#
+## ...and on a side note, I want them listen in another order (default is
+## alphabetically)
+#
+# # Since [foo.com] would be interpreted as a host in the domain "com", we
+# # specify that this is a domain by adding a semicolon.
+# [foo.com;]
+# node_order Totals fii.foo.com fay.foo.com
+#
diff --git a/roles/service/munin-server/tasks/main.yml b/roles/service/munin-server/tasks/main.yml
new file mode 100644
index 0000000..92521c2
--- /dev/null
+++ b/roles/service/munin-server/tasks/main.yml
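Review bot: The `[localhost]` entry's `address ssh://munin-async@127.0.0.1:2/` names no remote command, so what the deployed `id_ed25519` key may run on a node is decided entirely by that node's `authorized_keys`, which nothing in this patch manages. I would add a comment above the entry, e.g. `# node must pin this key in authorized_keys with a forced command and no forwarding/pty`, so the key is not installed with a full shell by mistake. Port `2` also looks like a placeholder and is worth confirming. The patch likewise provisions no `known_hosts` for the `munin` user, so presumably host-key checking is handled elsewhere; if it is not, the first SSH fetch will either fail or lead someone to switch verification off.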
@@ -0,0 +1,78 @@
+#####################################
+### someone"s ansible provisioner ###
+#####################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2024 by someone
+#
+# Install munin-node and munin-async.
+#
+---
+- name: install munin
+ apt:
+ pkg:
+ - munin
+ state: present
+ policy_rc_d: 101
+ tags: "online"
+
+
+- name: copy munin.conf to /etc/munin/munin.conf
+ copy:
+ src: "{{item}}"
+ dest: "/etc/munin/munin.conf"
+ mode: 0644
+ owner: "root"
+ group: "root"
+ with_first_found:
+ - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/munin.conf"
+ - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/munin.conf"
+ - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/munin.conf"
+ - "default/munin.conf"
+
+
+- name: create .ssh-dir
+ file:
+ path: "/var/lib/munin/.ssh"
+ state: directory
+ mode: 0700
+ owner: "munin"
+ group: "munin"
+
+
+- name: copy id_ed25519 to /var/lib/munin/.ssh/id_ed25519
+ copy:
+ src: "{{item}}"
+ dest: "/var/lib/munin/.ssh/id_ed25519"
+ mode: 0600
+ owner: "munin"
+ group: "munin"
+ with_first_found:
+ - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/id_ed25519"
+ - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/id_ed25519"
+ - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/id_ed25519"
+ - "default/id_ed25519"
+
+
+- name: include vars_nginx_vhost_custom
+ include_vars:
+ file: "{{item}}"
+ name: vars_nginx_vhost_custom
+ with_first_found:
+ - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/{{munin_domain}}-vars_nginx_vhost_custom.yml"
+ - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/{{munin_domain}}-vars_nginx_vhost_custom.yml"
+ - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/{{munin_domain}}-vars_nginx_vhost_custom.yml"
+ - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/vars_nginx_vhost_custom.yml"
+ - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/vars_nginx_vhost_custom.yml"
+ - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/vars_nginx_vhost_custom.yml"
+ - "default/vars_nginx_vhost_custom.yml"
+
+
+- name: configure munin vhost
+ include_role:
+ name: server/nginx/vhost-unified
+ vars:
+ vhost_type: "custom"
+ vhost_name: "{{munin_domain}}"
+ vhost_custom:
+ vhost_custom_pre_server: "{{vars_nginx_vhost_custom.vhost_custom_pre_server}}"
+ vhost_custom: "{{vars_nginx_vhost_custom.vhost_custom}}"
diff --git a/roles/service/munin-server/vars/default/vars_nginx_vhost_custom.yml b/roles/service/munin-server/vars/default/vars_nginx_vhost_custom.yml
new file mode 100644
index 0000000..87f33bb
--- /dev/null
+++ b/roles/service/munin-server/vars/default/vars_nginx_vhost_custom.yml
@@ -0,0 +1,24 @@
+#####################################
+### someone"s ansible provisioner ###
+#####################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2024 by someone
+#
+---
+vhost_custom_pre_server: |-
+
+vhost_custom: |-
+ location /static/ {
+ alias /etc/munin/static/;
+ expires modified +1w;
+ auth_pam "awstats";
+ auth_pam_service_name "nginx-awstats";
+ }
+
+ location / {
+ alias /var/cache/munin/www/;
+ expires modified +310s;
+ auth_pam "awstats";
+ auth_pam_service_name "nginx-awstats";
+ }
+
--
2.43.0
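Review bot: The `copy id_ed25519 to /var/lib/munin/.ssh/id_ed25519` task handles a private key without suppressing output, so a run with `--diff` or raised verbosity can print the key into the terminal or a CI log; add `no_log: true` (or at least `diff: false`) to that task. Its `with_first_found` list also ends in `default/id_ed25519`, which this commit fills with the single line `# OVERRIDE PRIVATE KEY`, so a host without an override gets that placeholder installed as the key while the play still reports success; dropping the default entry would make the task fail loudly instead. `munin_domain` is used by the last two tasks but `defaults/main.yml` defines nothing for it, so it has to come from inventory. The header comment says "Install munin-node and munin-async." while the first task installs `munin`.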
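Review bot: Both `location` blocks authenticate against the awstats PAM service (`auth_pam "awstats"; auth_pam_service_name "nginx-awstats";`), so access to the munin graphs follows whatever policy awstats uses and the browser prompt shows the realm "awstats". If the sharing is intended, a comment above `vhost_custom` saying so would help; otherwise use a dedicated service, for example `auth_pam_service_name "nginx-munin";` (name constructed here, and it would need its own PAM service file). Credentials are sent to this vhost on every request, so it is worth confirming that the `server/nginx/vhost-unified` role serves it over TLS only, which this patch does not show.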