Delete OpenBSD stuff (mv to another repo), ansible-roles is now Linux-specific (even Debian-specific)
This commit is contained in:
Gregory Colpart
parent
8cfa0a6ef2
commit
4a81d12d03
|
|
@ -4,13 +4,6 @@
|
|||
apt:
|
||||
name: git
|
||||
state: present
|
||||
when: ansible_os_family == "Debian"
|
||||
|
||||
- name: Git is installed (OpenBSD)
|
||||
openbsd_pkg:
|
||||
name: git
|
||||
state: present
|
||||
when: ansible_os_family == "OpenBSD"
|
||||
|
||||
- name: /etc is versioned with git
|
||||
command: "git init ."
|
||||
|
|
|
|||
|
|
@ -5,7 +5,6 @@ Install and run evocheck ; a script for checking various settings automatically.
|
|||
## Tasks
|
||||
|
||||
The roles does not install evocheck by default as it should be installed through dependencies.
|
||||
For OpenBSD, it should be packaged, but the work is not done yet.
|
||||
|
||||
A separate `exec.yml` file can be imported manually in playbooks or roles to execute the script. Example :
|
||||
|
||||
|
|
|
|||
|
|
@ -1,87 +0,0 @@
|
|||
---
|
||||
|
||||
- name: Ensure that Munin is installed
|
||||
apt:
|
||||
name: '{{ item }}'
|
||||
state: present
|
||||
with_items:
|
||||
- munin
|
||||
- munin-node
|
||||
- munin-plugins-core
|
||||
- munin-plugins-extra
|
||||
tags:
|
||||
- munin
|
||||
- packages
|
||||
|
||||
- block:
|
||||
- name: Replace localdomain in Munin config
|
||||
replace:
|
||||
dest: /etc/munin/munin.conf
|
||||
regexp: 'localhost.localdomain'
|
||||
replace: '{{ ansible_fqdn }}'
|
||||
notify: restart munin-node
|
||||
|
||||
- name: Rename the localdomain data dir
|
||||
command: mv /var/lib/munin/localdomain /var/lib/munin/{{ ansible_domain }}
|
||||
args:
|
||||
creates: /var/lib/munin/{{ ansible_domain }}
|
||||
removes: /var/lib/munin/localdomain
|
||||
notify: restart munin-node
|
||||
|
||||
when: not ansible_hostname == "localdomain"
|
||||
tags:
|
||||
- munin
|
||||
|
||||
- name: Ensure some Munin plugins are disabled
|
||||
file:
|
||||
path: '/etc/munin/plugins/{{ item }}'
|
||||
state: absent
|
||||
with_items:
|
||||
- http_loadtime
|
||||
- exim_mailqueue
|
||||
- exim_mailstats
|
||||
- nfsd
|
||||
- nfsd4
|
||||
- nfs_client
|
||||
- nfs4_client
|
||||
notify: restart munin-node
|
||||
tags:
|
||||
- munin
|
||||
|
||||
- name: Ensure some Munin plugins are enabled
|
||||
file:
|
||||
src: "/usr/share/munin/plugins/{{ item }}"
|
||||
dest: "/etc/munin/plugins/{{ item }}"
|
||||
state: link
|
||||
with_items:
|
||||
- meminfo
|
||||
- netstat_multi
|
||||
- tcp
|
||||
notify: restart munin-node
|
||||
tags:
|
||||
- munin
|
||||
|
||||
- name: Enable sensors plugin unless VM detected
|
||||
file:
|
||||
src: /usr/share/munin/plugins/sensors_
|
||||
dest: /etc/munin/plugins/sensors_temp
|
||||
state: link
|
||||
when: ansible_virtualization_role != "guest"
|
||||
notify: restart munin-node
|
||||
tags:
|
||||
- munin
|
||||
|
||||
- name: adjustments for grsec kernel
|
||||
blockinfile:
|
||||
dest: /etc/munin/plugin-conf.d/munin-node
|
||||
block: |
|
||||
|
||||
[processes]
|
||||
user root
|
||||
|
||||
[vmstat]
|
||||
user root
|
||||
|
||||
[swap]
|
||||
user root
|
||||
when: ansible_kernel | search("-grs-")
|
||||
|
|
@ -1,6 +1,87 @@
|
|||
---
|
||||
- include: debian.yml
|
||||
when: ansible_os_family == "Debian"
|
||||
|
||||
- include: openbsd.yml
|
||||
when: ansible_os_family == "OpenBSD"
|
||||
- name: Ensure that Munin is installed
|
||||
apt:
|
||||
name: '{{ item }}'
|
||||
state: present
|
||||
with_items:
|
||||
- munin
|
||||
- munin-node
|
||||
- munin-plugins-core
|
||||
- munin-plugins-extra
|
||||
tags:
|
||||
- munin
|
||||
- packages
|
||||
|
||||
- block:
|
||||
- name: Replace localdomain in Munin config
|
||||
replace:
|
||||
dest: /etc/munin/munin.conf
|
||||
regexp: 'localhost.localdomain'
|
||||
replace: '{{ ansible_fqdn }}'
|
||||
notify: restart munin-node
|
||||
|
||||
- name: Rename the localdomain data dir
|
||||
command: mv /var/lib/munin/localdomain /var/lib/munin/{{ ansible_domain }}
|
||||
args:
|
||||
creates: /var/lib/munin/{{ ansible_domain }}
|
||||
removes: /var/lib/munin/localdomain
|
||||
notify: restart munin-node
|
||||
|
||||
when: not ansible_hostname == "localdomain"
|
||||
tags:
|
||||
- munin
|
||||
|
||||
- name: Ensure some Munin plugins are disabled
|
||||
file:
|
||||
path: '/etc/munin/plugins/{{ item }}'
|
||||
state: absent
|
||||
with_items:
|
||||
- http_loadtime
|
||||
- exim_mailqueue
|
||||
- exim_mailstats
|
||||
- nfsd
|
||||
- nfsd4
|
||||
- nfs_client
|
||||
- nfs4_client
|
||||
notify: restart munin-node
|
||||
tags:
|
||||
- munin
|
||||
|
||||
- name: Ensure some Munin plugins are enabled
|
||||
file:
|
||||
src: "/usr/share/munin/plugins/{{ item }}"
|
||||
dest: "/etc/munin/plugins/{{ item }}"
|
||||
state: link
|
||||
with_items:
|
||||
- meminfo
|
||||
- netstat_multi
|
||||
- tcp
|
||||
notify: restart munin-node
|
||||
tags:
|
||||
- munin
|
||||
|
||||
- name: Enable sensors plugin unless VM detected
|
||||
file:
|
||||
src: /usr/share/munin/plugins/sensors_
|
||||
dest: /etc/munin/plugins/sensors_temp
|
||||
state: link
|
||||
when: ansible_virtualization_role != "guest"
|
||||
notify: restart munin-node
|
||||
tags:
|
||||
- munin
|
||||
|
||||
- name: adjustments for grsec kernel
|
||||
blockinfile:
|
||||
dest: /etc/munin/plugin-conf.d/munin-node
|
||||
block: |
|
||||
|
||||
[processes]
|
||||
user root
|
||||
|
||||
[vmstat]
|
||||
user root
|
||||
|
||||
[swap]
|
||||
user root
|
||||
when: ansible_kernel | search("-grs-")
|
||||
|
|
|
|||
|
|
@ -1,100 +0,0 @@
|
|||
---
|
||||
|
||||
- name: Ensure that Munin is installed
|
||||
openbsd_pkg:
|
||||
name: '{{ item }}'
|
||||
state: present
|
||||
with_items:
|
||||
- munin-server
|
||||
- munin-node
|
||||
tags:
|
||||
- munin
|
||||
- packages
|
||||
|
||||
- name: Set munin.conf file
|
||||
template:
|
||||
src: munin.conf.j2
|
||||
dest: /etc/munin/munin.conf
|
||||
mode: "0644"
|
||||
tags:
|
||||
- munin
|
||||
|
||||
- name: Create munin www directory
|
||||
file:
|
||||
path: '{{ munin_dir }}'
|
||||
state: directory
|
||||
owner: _munin
|
||||
group: www
|
||||
mode: "0755"
|
||||
tags:
|
||||
- munin
|
||||
|
||||
- name: Set munin-node config
|
||||
template:
|
||||
src: munin-node.conf.j2
|
||||
dest: /etc/munin/munin-node.conf
|
||||
mode: "0644"
|
||||
notify: restart munin_node
|
||||
tags:
|
||||
- munin
|
||||
|
||||
- name: Install munin cron
|
||||
copy:
|
||||
src: "crontab"
|
||||
dest: "/var/cron/tabs/_munin"
|
||||
owner: "_munin"
|
||||
group: "crontab"
|
||||
tags:
|
||||
- munin
|
||||
|
||||
- name: Enable munin plugins
|
||||
file:
|
||||
src: "/usr/local/libexec/munin/plugins/{{ item }}"
|
||||
dest: "/etc/munin/plugins/{{ item }}"
|
||||
state: link
|
||||
with_items:
|
||||
- cpu
|
||||
- df
|
||||
- df_inode
|
||||
- load
|
||||
- memory
|
||||
- munin_stats
|
||||
- netstat
|
||||
- open_files
|
||||
- pf_changes
|
||||
- pf_searches
|
||||
- pf_states
|
||||
- processes
|
||||
- systat
|
||||
- uptime
|
||||
- users
|
||||
- vmstat
|
||||
notify: restart munin_node
|
||||
tags:
|
||||
- munin
|
||||
|
||||
- name: Enable network graphs
|
||||
file:
|
||||
src: "/usr/local/libexec/munin/plugins/if_"
|
||||
dest: "/etc/munin/plugins/if_{{ item }}"
|
||||
state: link
|
||||
notify: restart munin_node
|
||||
with_items: "{{ ansible_interfaces }}"
|
||||
|
||||
- name: Enable sensors plugin unless VM detected
|
||||
file:
|
||||
src: /usr/local/libexec/munin/plugins/sensors_
|
||||
dest: /etc/munin/plugins/sensors_temp
|
||||
state: link
|
||||
when: ansible_vio0 is undefined
|
||||
notify: restart munin_node
|
||||
tags:
|
||||
- munin
|
||||
|
||||
- name: Activating munin_node
|
||||
service:
|
||||
name: munin_node
|
||||
enabled: yes
|
||||
state: started
|
||||
tags:
|
||||
- munin
|
||||
|
|
@ -1,51 +0,0 @@
|
|||
---
|
||||
- name: packages are installed
|
||||
apt:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
with_items:
|
||||
- nagios-nrpe-server
|
||||
- nagios-plugins
|
||||
- nagios-plugins-basic
|
||||
- nagios-plugins-common
|
||||
- nagios-plugins-contrib
|
||||
- nagios-plugins-standard
|
||||
|
||||
- name: custom configuration is present
|
||||
template:
|
||||
src: evolix.cfg.j2
|
||||
dest: /etc/nagios/nrpe.d/evolix.cfg
|
||||
group: nagios
|
||||
mode: "0640"
|
||||
notify: restart nagios-nrpe-server
|
||||
|
||||
- name: Nagios config is secured
|
||||
file:
|
||||
dest: /etc/nagios/
|
||||
mode: "0750"
|
||||
group: nagios
|
||||
state: directory
|
||||
notify: restart nagios-nrpe-server
|
||||
|
||||
- include: remount_usr_rw.yml
|
||||
when: nagios_plugins_directory | search ("/usr")
|
||||
tags:
|
||||
- nagios-plugins
|
||||
|
||||
- name: Nagios plugins are installed
|
||||
copy:
|
||||
src: plugins/
|
||||
dest: "{{ nagios_plugins_directory }}/"
|
||||
mode: "0755"
|
||||
notify: restart nagios-nrpe-server
|
||||
tags:
|
||||
- nagios-plugins
|
||||
|
||||
- name: Nagios lib is secured
|
||||
file:
|
||||
dest: /usr/local/lib/nagios/
|
||||
mode: "0755"
|
||||
group: nagios
|
||||
recurse: yes
|
||||
state: directory
|
||||
notify: restart nagios-nrpe-server
|
||||
|
|
@ -1,10 +1,51 @@
|
|||
---
|
||||
- include: debian.yml
|
||||
when: ansible_os_family == "Debian"
|
||||
tags:
|
||||
- nagios
|
||||
- name: packages are installed
|
||||
apt:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
with_items:
|
||||
- nagios-nrpe-server
|
||||
- nagios-plugins
|
||||
- nagios-plugins-basic
|
||||
- nagios-plugins-common
|
||||
- nagios-plugins-contrib
|
||||
- nagios-plugins-standard
|
||||
|
||||
- include: openbsd.yml
|
||||
when: ansible_os_family == "OpenBSD"
|
||||
- name: custom configuration is present
|
||||
template:
|
||||
src: evolix.cfg.j2
|
||||
dest: /etc/nagios/nrpe.d/evolix.cfg
|
||||
group: nagios
|
||||
mode: "0640"
|
||||
notify: restart nagios-nrpe-server
|
||||
|
||||
- name: Nagios config is secured
|
||||
file:
|
||||
dest: /etc/nagios/
|
||||
mode: "0750"
|
||||
group: nagios
|
||||
state: directory
|
||||
notify: restart nagios-nrpe-server
|
||||
|
||||
- include: remount_usr_rw.yml
|
||||
when: nagios_plugins_directory | search ("/usr")
|
||||
tags:
|
||||
- nagios
|
||||
- nagios-plugins
|
||||
|
||||
- name: Nagios plugins are installed
|
||||
copy:
|
||||
src: plugins/
|
||||
dest: "{{ nagios_plugins_directory }}/"
|
||||
mode: "0755"
|
||||
notify: restart nagios-nrpe-server
|
||||
tags:
|
||||
- nagios-plugins
|
||||
|
||||
- name: Nagios lib is secured
|
||||
file:
|
||||
dest: /usr/local/lib/nagios/
|
||||
mode: "0755"
|
||||
group: nagios
|
||||
recurse: yes
|
||||
state: directory
|
||||
notify: restart nagios-nrpe-server
|
||||
|
|
|
|||
|
|
@ -1,42 +0,0 @@
|
|||
---
|
||||
- name: packages are installed
|
||||
openbsd_pkg:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
with_items:
|
||||
- nrpe--
|
||||
- monitoring-plugins
|
||||
|
||||
- name: Create nrpe.d dir
|
||||
file:
|
||||
path: /etc/nrpe.d
|
||||
state: directory
|
||||
owner: root
|
||||
group: wheel
|
||||
mode: "0755"
|
||||
|
||||
- name: Include nrpe.d dir in nrpe.cfg
|
||||
lineinfile:
|
||||
dest: /etc/nrpe.cfg
|
||||
line: 'include_dir=/etc/nrpe.d'
|
||||
|
||||
- name: custom configuration is present
|
||||
template:
|
||||
src: evolix_bsd.cfg.j2
|
||||
dest: /etc/nrpe.d/evolix.cfg
|
||||
notify: restart nrpe
|
||||
|
||||
- name: Nagios plugins are installed
|
||||
copy:
|
||||
src: plugins_bsd/
|
||||
dest: /usr/local/libexec/nagios/plugins/
|
||||
owner: root
|
||||
group: wheel
|
||||
mode: "0755"
|
||||
notify: restart nrpe
|
||||
|
||||
- name: Starting and enabling nrpe
|
||||
service:
|
||||
name: nrpe
|
||||
enabled: yes
|
||||
state: started
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
Role Name
|
||||
=========
|
||||
|
||||
Configure newsyslog by Evolix standard
|
||||
|
||||
|
|
@ -1,15 +0,0 @@
|
|||
# Syslog for Pack Evolix
|
||||
# MANAGED BY ANSIBLE, MODIFICATIONS WILL BE LOST
|
||||
# logfile_name owner:group mode count size when flags
|
||||
/var/cron/log root:wheel 600 52 * 168 Z
|
||||
/var/log/authlog root:wheel 640 52 * 168 Z
|
||||
/var/log/daemon 640 52 * 168 Z
|
||||
/var/log/lpd-errs 640 7 * 24 Z
|
||||
/var/log/maillog 640 52 * 168 Z
|
||||
/var/log/messages 644 52 * 168 Z
|
||||
/var/log/secure 600 52 * 168 Z
|
||||
/var/log/wtmp 644 7 * $W6D4 ZB
|
||||
/var/log/xferlog 640 7 250 * Z
|
||||
/var/log/pflog 600 3 250 * ZB "pkill -HUP -u root -U root -t - -x pflogd"
|
||||
/var/www/logs/access.log 644 4 * $W0 Z "pkill -USR1 -u root -U root -x httpd"
|
||||
/var/www/logs/error.log 644 7 250 * Z "pkill -USR1 -u root -U root -x httpd"
|
||||
|
|
@ -1,15 +0,0 @@
|
|||
galaxy_info:
|
||||
author: Evolix
|
||||
description: Basic configuration of newsyslog
|
||||
|
||||
issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues
|
||||
|
||||
license: GPLv2
|
||||
|
||||
min_ansible_version: 2.2
|
||||
|
||||
platforms:
|
||||
- name: OpenBSD
|
||||
versions:
|
||||
- 6.1
|
||||
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
---
|
||||
|
||||
#- include: debian.yml
|
||||
# when: ansible_os_family == "Debian"
|
||||
|
||||
- include: openbsd.yml
|
||||
when: ansible_os_family == "OpenBSD"
|
||||
|
|
@ -1,12 +0,0 @@
|
|||
---
|
||||
# no need to enable any daemon, it's run (by default) with cron(8)
|
||||
- name: Configuring newsyslog
|
||||
copy:
|
||||
src: newsyslog.conf
|
||||
dest: /etc/newsyslog.conf
|
||||
owner: root
|
||||
group: wheel
|
||||
mode: "0644"
|
||||
tags:
|
||||
- log
|
||||
- newsyslog
|
||||
|
|
@ -15,11 +15,7 @@ server:
|
|||
|
||||
# root-hints: "/var/unbound/etc/named.cache"
|
||||
# Uncomment to enable DNSSEC validation.
|
||||
{% if ansible_os_family == "OpenBSD" %}
|
||||
auto-trust-anchor-file: "/var/unbound/db/root.key"
|
||||
{% else %}
|
||||
#auto-trust-anchor-file: "/etc/unbound/root.key"
|
||||
{% endif %}
|
||||
# Serve zones authoritatively from Unbound to resolver clients.
|
||||
# Not for external service.
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue