Merge branch 'unstable' into stable
commit
e4daf04110
|
@ -1,4 +1,6 @@
|
||||||
---
|
---
|
||||||
|
elastic_stack_version: "5.x"
|
||||||
|
|
||||||
elasticsearch_cluster_name: Null
|
elasticsearch_cluster_name: Null
|
||||||
elasticsearch_node_name: "${HOSTNAME}"
|
elasticsearch_node_name: "${HOSTNAME}"
|
||||||
elasticsearch_network_host: "[_site_, _local_]"
|
elasticsearch_network_host: "[_site_, _local_]"
|
||||||
|
|
|
@ -1,9 +1,13 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
|
- name: Use the correct debian repository
|
||||||
|
set_fact:
|
||||||
|
curator_debian_repository: '{% if ansible_distribution_release == "jessie" %}debian{% else %}debian9{% endif %}'
|
||||||
|
|
||||||
- name: Curator sources list is available
|
- name: Curator sources list is available
|
||||||
apt_repository:
|
apt_repository:
|
||||||
repo: "deb http://packages.elastic.co/curator/4/debian stable main"
|
repo: "deb https://packages.elastic.co/curator/5/{{ curator_debian_repository }} stable main"
|
||||||
filename: elastic
|
filename: curator
|
||||||
update_cache: yes
|
update_cache: yes
|
||||||
state: present
|
state: present
|
||||||
tags:
|
tags:
|
||||||
|
|
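Review bot: Hosts provisioned before this change keep the old `deb http://packages.elastic.co/curator/4/debian stable main` entry, because the task now writes to `filename: curator` and `state: present` only adds a line. Apt would then keep fetching the Curator 4 index over plain HTTP next to the new HTTPS source. A preceding `apt_repository` task with the old `repo` string and `state: absent` would clean that up. Separately, the `set_fact` expression maps every release other than jessie to `debian9`, including releases older than jessie, so an explicit mapping or a `fail` for unknown releases would make an unsupported host visible. The task continues past the end of the hunk at `tags:`.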
|
@ -19,7 +19,7 @@
|
||||||
|
|
||||||
- name: Elastic sources list is available
|
- name: Elastic sources list is available
|
||||||
apt_repository:
|
apt_repository:
|
||||||
repo: "deb https://artifacts.elastic.co/packages/5.x/apt stable main"
|
repo: "deb https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
|
||||||
filename: elastic
|
filename: elastic
|
||||||
state: present
|
state: present
|
||||||
update_cache: yes
|
update_cache: yes
|
||||||
|
|
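Review bot: `elastic_stack_version` is interpolated into the `repo:` line with only `| mandatory`, and the same `"5.x"` default is added separately in several defaults hunks of this commit while every one of these tasks writes `filename: elastic`. If the value is overridden for one role but not another, or changed on an existing host, the file ends up with two `packages/<version>/apt` lines, because `state: present` never removes the earlier one. Defining the variable once for the whole play and adding an `assert` that it matches `^[0-9]+\.x$` before the repository task would keep the sources line predictable. The three later hunks that make the same `repo:` change are affected in the same way.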
|
@ -1,51 +1,57 @@
|
||||||
# Evoacme 1.5
|
# Evoacme 2.0
|
||||||
|
|
||||||
EvoAcme is an [Ansible](https://www.ansible.com/) role and a [Certbot](https://certbot.eff.org) wrapper for generate [Let's Encrypt](https://letsencrypt.org/) certificates.
|
EvoAcme is an [Ansible](https://www.ansible.com/) role and a [Certbot](https://certbot.eff.org) wrapper for generate [Let's Encrypt](https://letsencrypt.org/) certificates.
|
||||||
|
|
||||||
It is a project hosted at [Evolix's forge](https://forge.evolix.org/projects/ansible-roles/repository/)
|
It is a project hosted at [Evolix's forge](https://forge.evolix.org/projects/ansible-roles/repository/)
|
||||||
|
|
||||||
# How to install
|
Evoacme is open source software licensed under the AGPLv3 License.
|
||||||
|
|
||||||
1 - Create a playbook with evoacme role
|
## Install
|
||||||
|
|
||||||
|
### 1 - Create a playbook with evoacme role
|
||||||
|
|
||||||
~~~
|
~~~
|
||||||
---
|
---
|
||||||
- hosts: hostname
|
- hosts: hostname
|
||||||
become: yes
|
become: yes
|
||||||
roles:
|
roles:
|
||||||
- role: evoacme
|
- evoacme
|
||||||
~~~
|
~~~
|
||||||
|
|
||||||
2 - Install evoacme prerequisite with ansible
|
### 2 - Install evoacme prerequisite with ansible
|
||||||
|
|
||||||
~~~
|
~~~
|
||||||
ansible-playbook playbook.yml -Kl hostname
|
# ansible-playbook playbook.yml -K --limit hostname
|
||||||
~~~
|
~~~
|
||||||
|
|
||||||
3 - Include letsencrypt.conf in your webserver
|
### 3 - Include letsencrypt.conf in your webserver
|
||||||
|
|
||||||
For Apache, you just need to ensure that you don't overwrite "/.well-known/acme-challenge" Alias with a Redirect or Rewrite directive.
|
For Apache, you just need to ensure that you don't overwrite "/.well-known/acme-challenge" Alias with a Redirect or Rewrite directive.
|
||||||
|
|
||||||
For Nginx, you must include letsencrypt.conf in all wanted vhost :
|
For Nginx, you must include `/etc/nginx/snippets/letsencrypt.conf` in all wanted vhosts :
|
||||||
|
|
||||||
~~~
|
~~~
|
||||||
include /etc/nginx/letsencrypt.conf;
|
server {
|
||||||
nginx -t
|
[…]
|
||||||
service nginx reload
|
include /etc/nginx/snippets/letsencrypt.conf;
|
||||||
|
[…]
|
||||||
|
}
|
||||||
~~~
|
~~~
|
||||||
|
|
||||||
4 - Create a CSR for a vhost with make-csr
|
then reload the Nginx configuration :
|
||||||
|
|
||||||
~~~
|
~~~
|
||||||
# make-csr look for this file :
|
# nginx -t
|
||||||
# /etc/nginx/sites-enabled/vhostname
|
# service nginx reload
|
||||||
# /etc/nginx/sites-enabled/vhostname.conf
|
|
||||||
# /etc/apache2/sites-enabled/vhostname
|
|
||||||
# /etc/apache2/sites-enabled/vhostname.conf
|
|
||||||
make-csr vhostname
|
|
||||||
~~~
|
~~~
|
||||||
|
|
||||||
5 - Generate the certificate with evoacme
|
### 4 - Create a CSR for a vhost with make-csr
|
||||||
|
|
||||||
|
~~~
|
||||||
|
# make-csr vhostname domain...
|
||||||
|
~~~
|
||||||
|
|
||||||
|
### 5 - Generate the certificate with evoacme
|
||||||
|
|
||||||
~~~
|
~~~
|
||||||
# evoacme look for /etc/ssl/requests/vhostname
|
# evoacme look for /etc/ssl/requests/vhostname
|
||||||
|
@ -53,7 +59,7 @@ make-csr vhostname
|
||||||
evoacme vhostname
|
evoacme vhostname
|
||||||
~~~
|
~~~
|
||||||
|
|
||||||
6 - Include ssl configuration
|
### 6 - Include ssl configuration
|
||||||
|
|
||||||
Sll configuration has generated, you must include it in your vhost.
|
Sll configuration has generated, you must include it in your vhost.
|
||||||
|
|
||||||
|
@ -68,7 +74,3 @@ For Nginx :
|
||||||
~~~
|
~~~
|
||||||
include /etc/nginx/ssl/vhost.conf;
|
include /etc/nginx/ssl/vhost.conf;
|
||||||
~~~
|
~~~
|
||||||
|
|
||||||
# License
|
|
||||||
|
|
||||||
Evoacme is open source software licensed under the AGPLv3 License.
|
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
name: apt
|
name: apt
|
||||||
tasks_from: backports.yml
|
tasks_from: backports.yml
|
||||||
|
|
||||||
- name: Add exceptions for certbot dependances
|
- name: Add exceptions for certbot dependencies
|
||||||
copy:
|
copy:
|
||||||
src: backports-certbot
|
src: backports-certbot
|
||||||
dest: /etc/apt/preferences.d/z-backports-certbot
|
dest: /etc/apt/preferences.d/z-backports-certbot
|
||||||
|
@ -28,26 +28,14 @@
|
||||||
path: /usr/local/bin/certbot
|
path: /usr/local/bin/certbot
|
||||||
state: absent
|
state: absent
|
||||||
|
|
||||||
- name: stat /etc/cron.d/certbot
|
- name: Disable /etc/cron.d/certbot
|
||||||
stat:
|
command: mv /etc/cron.d/certbot /etc/cron.d/certbot.disabled
|
||||||
path: /etc/cron.d/certbot
|
args:
|
||||||
register: etc_cron_d_certbot
|
removes: /etc/cron.d/certbot
|
||||||
|
creates: /etc/cron.d/certbot.disabled
|
||||||
|
|
||||||
- name: Rename certbot dpkg cron to .disabled
|
- name: Install evoacme custom cron
|
||||||
copy:
|
copy:
|
||||||
remote_src: True
|
src: evoacme.cron
|
||||||
src: /etc/cron.d/certbot
|
dest: /etc/cron.daily/evoacme
|
||||||
dest: /etc/cron.d/certbot.disabled
|
|
||||||
when: etc_cron_d_certbot.stat.exists
|
|
||||||
|
|
||||||
- name: Remove certbot dpkg cron
|
|
||||||
file:
|
|
||||||
path: /etc/cron.d/certbot
|
|
||||||
state: absent
|
|
||||||
|
|
||||||
- name: Install certbot custom cron
|
|
||||||
copy:
|
|
||||||
src: certbot.cron
|
|
||||||
dest: /etc/cron.daily/certbot
|
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
|
|
||||||
|
|
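Review bot: The `creates: /etc/cron.d/certbot.disabled` argument on the new `mv` task makes it a no-op on every host where the previous version of this role already left a `.disabled` copy, even if `/etc/cron.d/certbot` has come back, for instance after the package is reinstalled. Ansible evaluates `creates` before `removes`, so the packaged cron job would stay active next to the evoacme one, a case the old stat/copy/remove sequence handled. Dropping `creates` and keeping only `removes: /etc/cron.d/certbot` restores that, since `mv` overwrites the stale target. The hunk also moves the daily script from `/etc/cron.daily/certbot` to `/etc/cron.daily/evoacme` with no visible removal of the old file, which would leave both scripts running unless that is handled outside this hunk.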
|
@ -1,7 +1,15 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: move acme challenge conf if missplaced
|
||||||
|
command: mv /etc/nginx/letsencrypt.conf /etc/nginx/snippets/letsencrypt.conf
|
||||||
|
args:
|
||||||
|
removes: /etc/nginx/letsencrypt.conf
|
||||||
|
creates: /etc/nginx/snippets/letsencrypt.conf
|
||||||
|
|
||||||
- name: Copy acme challenge conf
|
- name: Copy acme challenge conf
|
||||||
template:
|
template:
|
||||||
src: templates/nginx.conf.j2
|
src: templates/nginx.conf.j2
|
||||||
dest: /etc/nginx/letsencrypt.conf
|
dest: /etc/nginx/snippets/letsencrypt.conf
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
|
|
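Review bot: Moving `/etc/nginx/letsencrypt.conf` to `/etc/nginx/snippets/letsencrypt.conf` breaks every vhost that still carries the `include /etc/nginx/letsencrypt.conf;` line the previous README told users to add. The next `nginx -t` fails, and until the vhosts are edited the ACME challenge location is not served, so renewals stop. Leaving a symlink at the old path for a transition period (a `file:` task with `state: link`), or failing early when a vhost still references the old path, would avoid that. The `mv` task also sets both `removes` and `creates`, so when both files exist the stale copy at the old path is silently kept.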
|
@ -1,4 +1,9 @@
|
||||||
---
|
---
|
||||||
|
- name: dbus is installed
|
||||||
|
apt:
|
||||||
|
name: dbus
|
||||||
|
state: installed
|
||||||
|
|
||||||
- name: Set hostname "{{ evolinux_hostname }}"
|
- name: Set hostname "{{ evolinux_hostname }}"
|
||||||
hostname:
|
hostname:
|
||||||
name: "{{ evolinux_hostname }}"
|
name: "{{ evolinux_hostname }}"
|
||||||
|
|
|
@ -32,6 +32,7 @@
|
||||||
- mtr-tiny
|
- mtr-tiny
|
||||||
- curl
|
- curl
|
||||||
- telnet
|
- telnet
|
||||||
|
- traceroute
|
||||||
when: evolinux_packages_diagnostic
|
when: evolinux_packages_diagnostic
|
||||||
|
|
||||||
- name: Install/Update hardware tools
|
- name: Install/Update hardware tools
|
||||||
|
@ -59,12 +60,6 @@
|
||||||
- pinentry-curses
|
- pinentry-curses
|
||||||
when: evolinux_packages_common
|
when: evolinux_packages_common
|
||||||
|
|
||||||
- name: Install/Update serveur-base meta-package
|
|
||||||
apt:
|
|
||||||
name: serveur-base
|
|
||||||
allow_unauthenticated: yes
|
|
||||||
when: evolinux_packages_serveur_base
|
|
||||||
|
|
||||||
- name: Be sure that openntpd package is absent/purged
|
- name: Be sure that openntpd package is absent/purged
|
||||||
apt:
|
apt:
|
||||||
name: openntpd
|
name: openntpd
|
||||||
|
@ -72,6 +67,12 @@
|
||||||
purge: yes
|
purge: yes
|
||||||
when: evolinux_packages_purge_openntpd
|
when: evolinux_packages_purge_openntpd
|
||||||
|
|
||||||
|
- name: Install/Update serveur-base meta-package
|
||||||
|
apt:
|
||||||
|
name: serveur-base
|
||||||
|
allow_unauthenticated: yes
|
||||||
|
when: evolinux_packages_serveur_base
|
||||||
|
|
||||||
- name: Install/Update packages for Stretch and later
|
- name: Install/Update packages for Stretch and later
|
||||||
apt:
|
apt:
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
|
|
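Review bot: The relocated `Install/Update serveur-base meta-package` task still passes `allow_unauthenticated: yes`, which tells apt to install the package without a valid signature. The integrity of software installed as root then rests entirely on the repository and the network path to it. Since the task is being moved anyway, importing the repository's signing key first (an `apt_key` task with `data:` read from a local key file, as the MongoDB tasks in this commit do) and removing the flag would close that gap. The `Install/Update packages for Stretch and later` task continues outside the hunk.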
|
@ -1,3 +1,5 @@
|
||||||
---
|
---
|
||||||
|
elastic_stack_version: "5.x"
|
||||||
|
|
||||||
filebeat_kibana_dashboards: False
|
filebeat_kibana_dashboards: False
|
||||||
filebeat_logstash_plugin: False
|
filebeat_logstash_plugin: False
|
||||||
|
|
|
@ -19,7 +19,7 @@
|
||||||
|
|
||||||
- name: Elastic sources list is available
|
- name: Elastic sources list is available
|
||||||
apt_repository:
|
apt_repository:
|
||||||
repo: "deb https://artifacts.elastic.co/packages/5.x/apt stable main"
|
repo: "deb https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
|
||||||
filename: elastic
|
filename: elastic
|
||||||
state: present
|
state: present
|
||||||
update_cache: yes
|
update_cache: yes
|
||||||
|
|
|
@ -507,12 +507,12 @@ fi
|
||||||
if [ -n "${clamav_version}" ]; then
|
if [ -n "${clamav_version}" ]; then
|
||||||
cat <<EOT >> "${ldif_file}"
|
cat <<EOT >> "${ldif_file}"
|
||||||
|
|
||||||
dn: ServiceName=clamav_db,${computer_dn}
|
dn: ServiceName=clamd,${computer_dn}
|
||||||
NagiosEnabled: TRUE
|
NagiosEnabled: TRUE
|
||||||
objectClass: EvoService
|
objectClass: EvoService
|
||||||
ServiceName: clamav_db
|
ServiceName: clamd
|
||||||
ServiceType: antivirus
|
ServiceType: antivirus
|
||||||
ServiceVersion: ClamAV ${clamav_version}
|
ServiceVersion: Clamd ${clamav_version}
|
||||||
EOT
|
EOT
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,10 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
|
## TODO: add those URLs or domains to the proxy whitelist
|
||||||
|
# http://pkg.jenkins-ci.org/.*
|
||||||
|
# http://mirrors.jenkins.io/.*
|
||||||
|
# http://jenkins.mirror.isppower.de/.*
|
||||||
|
|
||||||
- name: Add jenkins GPG key
|
- name: Add jenkins GPG key
|
||||||
apt_key:
|
apt_key:
|
||||||
# url: https://jenkins-ci.org/debian/jenkins-ci.org.key
|
# url: https://jenkins-ci.org/debian/jenkins-ci.org.key
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
---
|
---
|
||||||
|
elastic_stack_version: "5.x"
|
||||||
|
|
||||||
kibana_server_host: "127.0.0.1"
|
kibana_server_host: "127.0.0.1"
|
||||||
kibana_server_basepath: ""
|
kibana_server_basepath: ""
|
||||||
|
|
|
@ -19,7 +19,7 @@
|
||||||
|
|
||||||
- name: Elastic sources list is available
|
- name: Elastic sources list is available
|
||||||
apt_repository:
|
apt_repository:
|
||||||
repo: "deb https://artifacts.elastic.co/packages/5.x/apt stable main"
|
repo: "deb https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
|
||||||
filename: elastic
|
filename: elastic
|
||||||
state: present
|
state: present
|
||||||
update_cache: yes
|
update_cache: yes
|
||||||
|
@ -64,27 +64,27 @@
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
|
|
||||||
- name: Get mount options for /usr partition
|
# - name: Get mount options for /usr partition
|
||||||
shell: "mount | grep 'on /usr type'"
|
# shell: "mount | grep 'on /usr type'"
|
||||||
args:
|
# args:
|
||||||
warn: no
|
# warn: no
|
||||||
register: mount
|
# register: mount
|
||||||
changed_when: False
|
# changed_when: False
|
||||||
failed_when: False
|
# failed_when: False
|
||||||
when: not ansible_check_mode
|
# when: not ansible_check_mode
|
||||||
|
#
|
||||||
- block:
|
# - block:
|
||||||
- include_role:
|
# - include_role:
|
||||||
name: remount-usr
|
# name: remount-usr
|
||||||
|
#
|
||||||
- name: Move kibana optimize directory
|
# - name: Move kibana optimize directory
|
||||||
shell: "mv /usr/share/kibana/{{ item }} /var/lib/kibana/{{ item }} && ln -s /var/lib/kibana/{{ item }} /usr/share/kibana/{{ item }}"
|
# shell: "mv /usr/share/kibana/{{ item }} /var/lib/kibana/{{ item }} && ln -s /var/lib/kibana/{{ item }} /usr/share/kibana/{{ item }}"
|
||||||
args:
|
# args:
|
||||||
creates: "/var/lib/kibana/{{ item }}"
|
# creates: "/var/lib/kibana/{{ item }}"
|
||||||
notify: restart kibana
|
# notify: restart kibana
|
||||||
with_items:
|
# with_items:
|
||||||
- optimize
|
# - optimize
|
||||||
- data
|
# - data
|
||||||
|
|
||||||
- include: proxy_nginx.yml
|
- include: proxy_nginx.yml
|
||||||
when: kibana_proxy_nginx
|
when: kibana_proxy_nginx
|
||||||
|
|
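Review bot: The `/usr` remount and `Move kibana optimize directory` tasks are disabled by commenting them out, with nothing saying why or whether hosts that already had `optimize` and `data` moved to `/var/lib/kibana` need any follow-up. Either delete the block, since history keeps it, or put a one-line comment above it such as `# disabled: <reason>; existing symlinks under /usr/share/kibana are left in place`. Commented-out tasks that contain `shell:` lines tend to be re-enabled later without review, so the reason is worth recording.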
|
@ -1,4 +1,6 @@
|
||||||
---
|
---
|
||||||
|
elastic_stack_version: "5.x"
|
||||||
|
|
||||||
logstash_jvm_xms: 256m
|
logstash_jvm_xms: 256m
|
||||||
logstash_jvm_xmx: 1g
|
logstash_jvm_xmx: 1g
|
||||||
logstash_log_rotate_days: 365
|
logstash_log_rotate_days: 365
|
||||||
|
|
|
@ -19,7 +19,7 @@
|
||||||
|
|
||||||
- name: Elastic sources list is available
|
- name: Elastic sources list is available
|
||||||
apt_repository:
|
apt_repository:
|
||||||
repo: "deb https://artifacts.elastic.co/packages/5.x/apt stable main"
|
repo: "deb https://artifacts.elastic.co/packages/{{ elastic_stack_version | mandatory }}/apt stable main"
|
||||||
filename: elastic
|
filename: elastic
|
||||||
state: present
|
state: present
|
||||||
update_cache: yes
|
update_cache: yes
|
||||||
|
@ -59,6 +59,9 @@
|
||||||
template:
|
template:
|
||||||
src: "{{ item }}"
|
src: "{{ item }}"
|
||||||
dest: /etc/logstash/conf.d/logstash.conf
|
dest: /etc/logstash/conf.d/logstash.conf
|
||||||
|
owner: logstash
|
||||||
|
group: logstash
|
||||||
|
mode: "0640"
|
||||||
force: yes
|
force: yes
|
||||||
with_first_found:
|
with_first_found:
|
||||||
- "templates/logstash/logstash.{{ inventory_hostname }}.conf.j2"
|
- "templates/logstash/logstash.{{ inventory_hostname }}.conf.j2"
|
||||||
|
|
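Review bot: The added `owner: logstash` on `/etc/logstash/conf.d/logstash.conf` lets the service account rewrite its own pipeline definition, so a compromise of the Logstash process could change inputs, filters and outputs persistently. `mode: "0640"` is a sensible tightening for a file that may hold output credentials, but the daemon only needs read access. `owner: root`, `group: logstash`, `mode: "0640"` gives exactly that. The task's `with_first_found` list continues outside the hunk.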
|
@ -50,7 +50,7 @@ DNSSERVEURS='0.0.0.0/0'
|
||||||
# HTTP authorizations
|
# HTTP authorizations
|
||||||
# (you can use DNS names but set cron to reload minifirewall regularly)
|
# (you can use DNS names but set cron to reload minifirewall regularly)
|
||||||
# (if you have HTTP proxy, set 0.0.0.0/0)
|
# (if you have HTTP proxy, set 0.0.0.0/0)
|
||||||
HTTPSITES='security.debian.org pub.evolix.net volatile.debian.org mirror.evolix.org backports.debian.org hwraid.le-vert.net zidane.evolix.net antispam00.evolix.org spamassassin.apache.org sa-update.space-pro.be sa-update.secnap.net www.sa-update.pccc.com sa-update.dnswl.org'
|
HTTPSITES='security.debian.org pub.evolix.net volatile.debian.org mirror.evolix.org backports.debian.org hwraid.le-vert.net antispam00.evolix.org spamassassin.apache.org sa-update.space-pro.be sa-update.secnap.net www.sa-update.pccc.com sa-update.dnswl.org'
|
||||||
|
|
||||||
# HTTPS authorizations
|
# HTTPS authorizations
|
||||||
HTTPSSITES='0.0.0.0/0'
|
HTTPSSITES='0.0.0.0/0'
|
||||||
|
|
|
@ -1,5 +1,12 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
|
- debug:
|
||||||
|
var: minifirewall_trusted_ips
|
||||||
|
verbosity: 1
|
||||||
|
- debug:
|
||||||
|
var: minifirewall_privilegied_ips
|
||||||
|
verbosity: 1
|
||||||
|
|
||||||
- name: Check if minifirewall is running
|
- name: Check if minifirewall is running
|
||||||
shell: /sbin/iptables -L -n | grep -E "^(DROP\s+udp|ACCEPT\s+icmp)\s+--\s+0\.0\.0\.0\/0\s+0\.0\.0\.0\/0\s*$"
|
shell: /sbin/iptables -L -n | grep -E "^(DROP\s+udp|ACCEPT\s+icmp)\s+--\s+0\.0\.0\.0\/0\s+0\.0\.0\.0\/0\s*$"
|
||||||
changed_when: False
|
changed_when: False
|
||||||
|
|
|
@ -1,6 +1,8 @@
|
||||||
# mongodb-org
|
# mongodb
|
||||||
|
|
||||||
Install latest MongoDB from 10Gen repository.
|
Install MongoDB
|
||||||
|
|
||||||
|
We use packages from 10Gen for Jessie and packages from Debian for Stretch.
|
||||||
|
|
||||||
## Tasks
|
## Tasks
|
||||||
|
|
||||||
|
@ -8,8 +10,6 @@ Everything is in the `tasks/main.yml` file.
|
||||||
|
|
||||||
## Available variables
|
## Available variables
|
||||||
|
|
||||||
* `mongodb_pidfile_path`: PID file path (default: `/var/lib/mongodb/mongod.lock`)
|
|
||||||
* `mongodb_logfile_path`: log file path (default: `/var/log/mongodb/mongod.log`)
|
|
||||||
* `mongodb_port`: port to listen to (default: `27017`)
|
* `mongodb_port`: port to listen to (default: `27017`)
|
||||||
* `mongodb_bind`: IP to bind to (default: `127.0.0.1`)
|
* `mongodb_bind`: IP to bind to (default: `127.0.0.1`)
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
---
|
---
|
||||||
mongodb_pidfile_path: /var/lib/mongodb/mongod.lock
|
|
||||||
mongodb_logfile_path: /var/log/mongodb/mongod.log
|
|
||||||
mongodb_port: 27017
|
mongodb_port: 27017
|
||||||
mongodb_bind: 127.0.0.1
|
mongodb_bind: 127.0.0.1
|
||||||
|
|
|
@ -1,7 +1,11 @@
|
||||||
---
|
---
|
||||||
# handlers file for mongodb
|
# handlers file for mongodb
|
||||||
- name: restart mongodb
|
- name: restart mongod
|
||||||
service:
|
service:
|
||||||
name: mongod
|
name: mongod
|
||||||
state: restarted
|
state: restarted
|
||||||
|
|
||||||
|
- name: restart mongodb
|
||||||
|
service:
|
||||||
|
name: mongodb
|
||||||
|
state: restarted
|
||||||
|
|
|
@ -1,44 +1,12 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- fail:
|
# - fail:
|
||||||
msg: only compatible with Debian 8
|
# msg: only compatible with Debian 8
|
||||||
when:
|
# when:
|
||||||
- ansible_distribution != "Debian" or ansible_distribution_release != "jessie"
|
# - ansible_distribution != "Debian" or ansible_distribution_release != "jessie"
|
||||||
|
|
||||||
# Attention à bien indiquer le protocole et le port, sinon le firewall ne laisse pas passer
|
- include: main_jessie.yml
|
||||||
- name: MongoDB public GPG Key
|
when: ansible_distribution_release == "jessie"
|
||||||
apt_key:
|
|
||||||
# url: https://www.mongodb.org/static/pgp/server-3.4.asc
|
|
||||||
data: "{{ lookup('file', 'server-3.4.asc') }}"
|
|
||||||
|
|
||||||
- name: enable APT sources list
|
- include: main_stretch.yml
|
||||||
apt_repository:
|
when: ansible_distribution_major_version | version_compare('9', '>=')
|
||||||
repo: deb http://repo.mongodb.org/apt/debian jessie/mongodb-org/3.4 main
|
|
||||||
state: present
|
|
||||||
filename: mongodb
|
|
||||||
update_cache: yes
|
|
||||||
|
|
||||||
- name: Install packages
|
|
||||||
apt:
|
|
||||||
name: mongodb-org
|
|
||||||
state: installed
|
|
||||||
|
|
||||||
- name: Custom configuration
|
|
||||||
template:
|
|
||||||
src: mongod.conf.j2
|
|
||||||
dest: /etc/mongod.conf
|
|
||||||
force: yes
|
|
||||||
backup: no
|
|
||||||
notify: restart mongodb
|
|
||||||
|
|
||||||
- name: Configure logrotate
|
|
||||||
template:
|
|
||||||
src: logrotate.j2
|
|
||||||
dest: /etc/logrotate.d/mongodb
|
|
||||||
force: yes
|
|
||||||
backup: no
|
|
||||||
|
|
||||||
- name: enable mongod service
|
|
||||||
service:
|
|
||||||
name: mongod
|
|
||||||
enabled: yes
|
|
||||||
|
|
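Review bot: With the `fail` guard commented out, nothing checks `ansible_distribution` any more, so the second include's `ansible_distribution_major_version | version_compare('9', '>=')` is also true on non-Debian hosts whose major version is 9 or higher. A release older than jessie matches neither include, and the role finishes without installing anything. Keeping a guard in front of the includes, for example the `fail` task with `when: ansible_distribution != "Debian"` plus a `fail` when neither branch applies, makes an unsupported target fail loudly. If the commented block is no longer wanted, it should be deleted rather than left in place.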
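--- a/mongodb/tasks/main_jessie.yml
+++ b/mongodb/tasks/main_jessie.yml
@@ -0,0 +1,33 @@
+---
+
+- name: MongoDB public GPG Key
+apt_key:
+# url: https://www.mongodb.org/static/pgp/server-3.4.asc
+data: "{{ lookup('file', 'server-3.4.asc') }}"
+
+- name: enable APT sources list
+apt_repository:
+repo: deb http://repo.mongodb.org/apt/debian jessie/mongodb-org/3.4 main
+state: present
+filename: mongodb
+update_cache: yes
+
+- name: Install packages
+apt:
+name: mongodb-org
+state: installed
+
+- name: Custom configuration
+template:
+src: mongod_jessie.conf.j2
+dest: "/etc/mongod.conf"
+force: yes
+backup: no
+notify: restart mongod
+
+- name: Configure logrotate
+template:
+src: logrotate_jessie.j2
+dest: /etc/logrotate.d/mongodb
+force: yes
+backup: no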
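Review bot: The `repo:` line keeps `deb http://repo.mongodb.org/apt/debian jessie/mongodb-org/3.4 main` on plain HTTP while the Curator source in this same commit was switched to `https://`. Package signatures are still checked against the key loaded from `server-3.4.asc`, but index and package downloads can be observed or stalled in transit. Using the `https://` form of the same URL, with `apt-transport-https` installed beforehand on jessie, brings it in line. The `enable mongod service` task from the old `main.yml` is not carried over into this file although `main_stretch.yml` has its `enable service` task, so unless that is intentional, add a `service:` task with `name: mongod` and `enabled: yes`.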
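--- a/mongodb/tasks/main_stretch.yml
+++ b/mongodb/tasks/main_stretch.yml
@@ -0,0 +1,29 @@
+---
+
+- name: Install packages
+apt:
+name: "{{ item }}"
+state: installed
+with_items:
+- mongodb
+- mongo-tools
+
+- name: Custom configuration
+template:
+src: mongodb_stretch.conf.j2
+dest: "/etc/mongodb.conf"
+force: yes
+backup: no
+notify: restart mongodb
+
+- name: enable service
+service:
+name: mongodb
+enabled: yes
+
+- name: Configure logrotate
+template:
+src: logrotate_stretch.j2
+dest: /etc/logrotate.d/mongodb
+force: yes
+backup: no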
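Review bot: The `Custom configuration` and `Configure logrotate` template tasks set no `owner`, `group` or `mode`, so the permissions of `/etc/mongodb.conf` and `/etc/logrotate.d/mongodb` depend on what already exists on the host or on the umask in effect. Other template tasks in this commit state them explicitly. Adding `owner: root`, `group: root`, `mode: "0644"` keeps the result deterministic, which matters for the logrotate snippet because logrotate is generally strict about the permissions of its configuration files. `state: installed` is a legacy alias of `state: present`, and the documented spelling is the safer choice.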
|
@ -1,6 +1,6 @@
|
||||||
# {{ ansible_managed }}
|
# {{ ansible_managed }}
|
||||||
|
|
||||||
{{ mongodb_logfile_path }} {
|
/var/log/mongodb/mongod.log {
|
||||||
daily
|
daily
|
||||||
missingok
|
missingok
|
||||||
rotate 365
|
rotate 365
|
||||||
|
@ -10,6 +10,6 @@
|
||||||
notifempty
|
notifempty
|
||||||
sharedscripts
|
sharedscripts
|
||||||
postrotate
|
postrotate
|
||||||
kill -0 $(cat {{ mongodb_pidfile_path }}) && kill -USR1 $(cat {{ mongodb_pidfile_path }})
|
pidof mongod | xargs kill -USR1
|
||||||
endscript
|
endscript
|
||||||
}
|
}
|
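Review bot: The new `postrotate` line `pidof mongod | xargs kill -USR1` runs `kill -USR1` with no PID when mongod is not running, because GNU xargs executes the command once even on empty input. The script then exits non-zero and logrotate reports the rotation as failed, whereas the line it replaces tested the process with `kill -0` first. `pidof mongod | xargs -r kill -USR1` restores that behaviour, and the identical line in the new `logrotate_stretch.j2` needs the same change. `pidof` also matches every process named `mongod` on the host, so a machine running more than one instance has all of them signalled.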
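--- a/mongodb/templates/logrotate_stretch.j2
+++ b/mongodb/templates/logrotate_stretch.j2
@@ -0,0 +1,15 @@
+# {{ ansible_managed }}
+
+/var/log/mongodb/mongodb.log {
+daily
+missingok
+rotate 365
+dateext
+compress
+delaycompress
+notifempty
+sharedscripts
+postrotate
+pidof mongod | xargs kill -USR1
+endscript
+}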
|
@ -17,7 +17,7 @@ systemLog:
|
||||||
destination: file
|
destination: file
|
||||||
logRotate: reopen
|
logRotate: reopen
|
||||||
logAppend: true
|
logAppend: true
|
||||||
path: {{ mongodb_logfile_path }}
|
path: /var/log/mongodb/mongod.log
|
||||||
|
|
||||||
# network interfaces
|
# network interfaces
|
||||||
net:
|
net:
|
||||||
|
@ -25,7 +25,7 @@ net:
|
||||||
bindIp: {{ mongodb_bind }}
|
bindIp: {{ mongodb_bind }}
|
||||||
|
|
||||||
processManagement:
|
processManagement:
|
||||||
pidFilePath: {{ mongodb_pidfile_path }}
|
pidFilePath: /var/lib/mongodb/mongod.lock
|
||||||
|
|
||||||
#security:
|
#security:
|
||||||
|
|
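--- a/mongodb/templates/mongodb_stretch.conf.j2
+++ b/mongodb/templates/mongodb_stretch.conf.j2
@@ -0,0 +1,39 @@
+# mongodb.conf - {{ ansible_managed }}
+
+# for documentation of all options, see:
+# http://docs.mongodb.org/manual/reference/configuration-options/
+
+# Where and how to store data.
+storage:
+dbPath: /var/lib/mongodb
+journal:
+enabled: true
+# engine:
+# mmapv1:
+# wiredTiger:
+
+# where to write logging data.
+systemLog:
+destination: file
+logRotate: reopen
+logAppend: true
+path: /var/log/mongodb/mongodb.log
+
+# network interfaces
+net:
+port: {{ mongodb_port }}
+bindIp: {{ mongodb_bind }}
+
+#security:
+
+#operationProfiling:
+
+#replication:
+
+#sharding:
+
+## Enterprise-Only Options:
+
+#auditLog:
+
+#snmp: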
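Review bot: The new template leaves `#security:` commented, so the server starts without access control and the only thing limiting who can connect is `bindIp: {{ mongodb_bind }}`. With the role default of `127.0.0.1` that is local-only, but a host that overrides `mongodb_bind` to make the database reachable over the network gets a listener that requires no authentication. Either ship a `security:` section with `authorization: enabled`, or add a comment above `bindIp` such as `# keep on loopback unless security.authorization is enabled`.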
|
@ -22,3 +22,6 @@ mysql_cron_mysqltuner: True
|
||||||
mysql_cron_mysqltuner_frequency: monthly
|
mysql_cron_mysqltuner_frequency: monthly
|
||||||
|
|
||||||
mysql_force_new_nrpe_password: False
|
mysql_force_new_nrpe_password: False
|
||||||
|
|
||||||
|
mysql_evolinux_defaults_file: z-evolinux-defaults.cnf
|
||||||
|
mysql_evolinux_custom_file: zzz-evolinux-custom.cnf
|
||||||
|
|
|
@ -1,8 +1,12 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
|
- set_fact:
|
||||||
|
mysql_config_directory: /etc/mysql/conf.d
|
||||||
|
|
||||||
- name: "Copy MySQL defaults config file (jessie)"
|
- name: "Copy MySQL defaults config file (jessie)"
|
||||||
copy:
|
copy:
|
||||||
src: evolinux-defaults.cnf
|
src: evolinux-defaults.cnf
|
||||||
dest: /etc/mysql/conf.d/z-evolinux-defaults.cnf
|
dest: "{{ mysql_config_directory }}/{{ mysql_evolinux_defaults_file }}"
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
|
@ -13,7 +17,7 @@
|
||||||
- name: "Copy MySQL custom config file (jessie)"
|
- name: "Copy MySQL custom config file (jessie)"
|
||||||
template:
|
template:
|
||||||
src: evolinux-custom.cnf.j2
|
src: evolinux-custom.cnf.j2
|
||||||
dest: /etc/mysql/conf.d/zzz-evolinux-custom.cnf
|
dest: "{{ mysql_config_directory }}/{{ mysql_evolinux_custom_file }}"
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
|
|
|
@ -1,8 +1,12 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
|
- set_fact:
|
||||||
|
mysql_config_directory: /etc/mysql/mariadb.conf.d
|
||||||
|
|
||||||
- name: "Copy MySQL defaults config file (Debian 9 or later)"
|
- name: "Copy MySQL defaults config file (Debian 9 or later)"
|
||||||
copy:
|
copy:
|
||||||
src: evolinux-defaults.cnf
|
src: evolinux-defaults.cnf
|
||||||
dest: /etc/mysql/mariadb.conf.d/z-evolinux-defaults.cnf
|
dest: "{{ mysql_config_directory }}/{{ mysql_evolinux_defaults_file }}"
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
|
@ -13,7 +17,7 @@
|
||||||
- name: "Copy MySQL custom config file (Debian 9 or later)"
|
- name: "Copy MySQL custom config file (Debian 9 or later)"
|
||||||
template:
|
template:
|
||||||
src: evolinux-custom.cnf.j2
|
src: evolinux-custom.cnf.j2
|
||||||
dest: /etc/mysql/mariadb.conf.d/zzz-evolinux-custom.cnf
|
dest: "{{ mysql_config_directory }}/{{ mysql_evolinux_custom_file }}"
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
|
|
|
@ -39,4 +39,7 @@
|
||||||
state: started
|
state: started
|
||||||
tags:
|
tags:
|
||||||
- mysql
|
- mysql
|
||||||
when: mysql_custom_datadir != '' and mysql_custom_datadir != mysql_current_real_datadir_test.stdout and not mysql_custom_datadir_test.stat.exists
|
when:
|
||||||
|
- mysql_custom_datadir != ''
|
||||||
|
- mysql_custom_datadir != mysql_current_real_datadir_test.stdout
|
||||||
|
- not mysql_custom_datadir_test.stat.exists
|
||||||
|
|
|
@ -22,6 +22,7 @@
|
||||||
- name: Create a password for NRPE
|
- name: Create a password for NRPE
|
||||||
command: "apg -n 1 -m 16 -M lcN"
|
command: "apg -n 1 -m 16 -M lcN"
|
||||||
register: mysql_nrpe_password
|
register: mysql_nrpe_password
|
||||||
|
check_mode: no
|
||||||
changed_when: False
|
changed_when: False
|
||||||
|
|
||||||
- name: Create nrpe user
|
- name: Create nrpe user
|
||||||
|
|
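Review bot: The `Create a password for NRPE` task registers the output of `apg` in `mysql_nrpe_password`, and with `check_mode: no` it now also runs during `--check`. The generated password then appears in the task result whenever the play runs with `-v` or a callback records results. Adding `no_log: true` to this task, and to any later task that uses the registered value, keeps it out of logs. The `Create nrpe user` task begins at the end of the hunk and is not fully visible.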
|
@ -13,7 +13,7 @@
|
||||||
|
|
||||||
- name: Configure tmpdir
|
- name: Configure tmpdir
|
||||||
ini_file:
|
ini_file:
|
||||||
dest: /etc/mysql/conf.d/zzz_evolinux.cnf
|
dest: "{{ mysql_config_directory }}/{{ mysql_evolinux_custom_file }}"
|
||||||
section: mysqld
|
section: mysqld
|
||||||
option: tmpdir
|
option: tmpdir
|
||||||
value: "{{ mysql_custom_tmpdir }}"
|
value: "{{ mysql_custom_tmpdir }}"
|
||||||
|
|
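Review bot: `dest:` now depends on `mysql_config_directory`, which this commit only defines through `set_fact` in the jessie and Debian 9 config task files. If this task file runs without them, for example through tags, the variable is undefined and the task fails, so a default in the role's defaults would be safer. The previous target `/etc/mysql/conf.d/zzz_evolinux.cnf` is also left on hosts that already ran the role, and a `tmpdir` set there may still be read by the server. Removing it with a `file:` task (`path: /etc/mysql/conf.d/zzz_evolinux.cnf`, `state: absent`) avoids two files disagreeing.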
|
@ -22,3 +22,8 @@ file = /var/log/syslog
|
||||||
pattern = "as a STORAGE ENGINE failed"
|
pattern = "as a STORAGE ENGINE failed"
|
||||||
mailto = {{ log2mail_alert_email or general_alert_email | mandatory }}
|
mailto = {{ log2mail_alert_email or general_alert_email | mandatory }}
|
||||||
template = /etc/log2mail/mail
|
template = /etc/log2mail/mail
|
||||||
|
|
||||||
|
file = /var/log/syslog
|
||||||
|
pattern = "The total blob data length"
|
||||||
|
mailto = {{ log2mail_alert_email or general_alert_email | mandatory }}
|
||||||
|
template = /etc/log2mail/mail
|
||||||
|
|
|
@ -50,6 +50,7 @@ command[check_ssl]=/usr/lib/nagios/plugins/check_http -f follow -I 127.0.0.1 -S
|
||||||
command[check_elasticsearch]=/usr/lib/nagios/plugins/check_http -I 127.0.0.1 -u /_cat/health?h=st -p 9200 -r 'red' --invert-regex
|
command[check_elasticsearch]=/usr/lib/nagios/plugins/check_http -I 127.0.0.1 -u /_cat/health?h=st -p 9200 -r 'red' --invert-regex
|
||||||
command[check_memcached]=/usr/lib/nagios/plugins/check_tcp -H 127.0.0.1 -p 11211
|
command[check_memcached]=/usr/lib/nagios/plugins/check_tcp -H 127.0.0.1 -p 11211
|
||||||
command[check_opendkim]=/usr/lib/nagios/plugins/check_tcp -H 127.0.0.1 -p 54321
|
command[check_opendkim]=/usr/lib/nagios/plugins/check_tcp -H 127.0.0.1 -p 54321
|
||||||
|
command[check_bkctld]=/usr/lib/nagios/plugins/check_bkctld
|
||||||
|
|
||||||
# Local checks (not packaged)
|
# Local checks (not packaged)
|
||||||
command[check_mem]={{ nagios_plugins_directory }}/check_mem -f -C -w 20 -c 10
|
command[check_mem]={{ nagios_plugins_directory }}/check_mem -f -C -w 20 -c 10
|
||||||
|
|
|
@ -1,3 +1,3 @@
|
||||||
Package: nginx nginx-common nginx-doc nginx-extras nginx-extras-dbg nginx-full nginx-full-dbg nginx-light nginx-light-dbg libnginx-mod-* libssl1.0.0
|
Package: nginx nginx-* libnginx-* libssl*
|
||||||
Pin: release a=jessie-backports
|
Pin: release a=jessie-backports
|
||||||
Pin-Priority: 999
|
Pin-Priority: 999
|
||||||
|
|
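Review bot: Replacing the explicit package list with `libssl*` pins every package whose name starts with `libssl` to `jessie-backports` at priority 999, not just the `libssl1.0.0` the old line named. The system's TLS library then follows backports rather than the regular jessie archive. Backports are maintained on a best-effort basis, which can delay OpenSSL security fixes on these hosts. Naming the exact library package the backported nginx needs keeps the pin as narrow as before, and the `nginx-*` and `libnginx-*` globs are reasonable as they stand.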
|
@ -1,130 +0,0 @@
|
||||||
#! /bin/sh
|
|
||||||
|
|
||||||
### BEGIN INIT INFO
|
|
||||||
# Provides: spawn-fcgi-munin-graph
|
|
||||||
# Required-Start: $all
|
|
||||||
# Required-Stop: $all
|
|
||||||
# Default-Start: 2 3 4 5
|
|
||||||
# Default-Stop: 0 1 6
|
|
||||||
# Description: starts FastCGI for Munin-Graph
|
|
||||||
### END INIT INFO
|
|
||||||
# --------------------------------------------------------------
|
|
||||||
# Munin-CGI-Graph Spawn-FCGI Startscript by Julien Schmidt
|
|
||||||
# eMail: munin-trac at julienschmidt.com
|
|
||||||
# www: http://www.julienschmidt.com
|
|
||||||
# --------------------------------------------------------------
|
|
||||||
# Install:
|
|
||||||
# 1. Copy this file to /etc/init.d
|
|
||||||
# 2. Edit the variables below
|
|
||||||
# 3. run "update-rc.d spawn-fcgi-munin-graph defaults"
|
|
||||||
# --------------------------------------------------------------
|
|
||||||
# Special thanks for their help to:
|
|
||||||
# Frantisek Princ
|
|
||||||
# J<>r<EFBFBD>me Warnier
|
|
||||||
# --------------------------------------------------------------
|
|
||||||
# Last Update: 14. February 2013
|
|
||||||
#
|
|
||||||
# Please change the following variables:
|
|
||||||
|
|
||||||
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
|
|
||||||
NAME=spawn-fcgi-munin-graph
|
|
||||||
PID_FILE=/var/run/munin/$NAME.pid
|
|
||||||
SOCK_FILE=/var/run/munin/$NAME.sock
|
|
||||||
SOCK_USER=www-data
|
|
||||||
FCGI_USER=munin
|
|
||||||
FCGI_GROUP=munin
|
|
||||||
FCGI_WORKERS=2
|
|
||||||
DAEMON=/usr/bin/spawn-fcgi
|
|
||||||
DAEMON_OPTS="-s $SOCK_FILE -F $FCGI_WORKERS -U $SOCK_USER -u $FCGI_USER -g $FCGI_GROUP -P $PID_FILE -- /usr/lib/munin/cgi/munin-cgi-graph"
|
|
||||||
|
|
||||||
# --------------------------------------------------------------
|
|
||||||
# No edits necessary beyond this line
|
|
||||||
# --------------------------------------------------------------
|
|
||||||
|
|
||||||
if [ ! -x $DAEMON ]; then
|
|
||||||
echo "File not found or is not executable: $DAEMON!"
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
status() {
|
|
||||||
if [ ! -r $PID_FILE ]; then
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
for FCGI_PID in `cat $PID_FILE`; do
|
|
||||||
if [ -z "${FCGI_PID}" ]; then
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
FCGI_RUNNING=`ps -p ${FCGI_PID} | grep ${FCGI_PID}`
|
|
||||||
if [ -z "${FCGI_RUNNING}" ]; then
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
done;
|
|
||||||
|
|
||||||
return 0
|
|
||||||
}
|
|
||||||
|
|
||||||
start() {
|
|
||||||
if status; then
|
|
||||||
echo "FCGI is already running!"
|
|
||||||
exit 1
|
|
||||||
else
|
|
||||||
$DAEMON $DAEMON_OPTS
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
stop () {
|
|
||||||
if ! status; then
|
|
||||||
echo "No PID-file at $PID_FILE found or PID not valid. Maybe not running"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Kill processes
|
|
||||||
for PID_RUNNING in `cat $PID_FILE`; do
|
|
||||||
kill -9 $PID_RUNNING
|
|
||||||
done
|
|
||||||
|
|
||||||
# Remove PID-file
|
|
||||||
rm -f $PID_FILE
|
|
||||||
|
|
||||||
# Remove Sock-File
|
|
||||||
rm -f $SOCK_FILE
|
|
||||||
}
|
|
||||||
|
|
||||||
case "$1" in
|
|
||||||
start)
|
|
||||||
echo "Starting $NAME: "
|
|
||||||
start
|
|
||||||
echo "... DONE"
|
|
||||||
;;
|
|
||||||
|
|
||||||
stop)
|
|
||||||
echo "Stopping $NAME: "
|
|
||||||
stop
|
|
||||||
echo "... DONE"
|
|
||||||
;;
|
|
||||||
|
|
||||||
force-reload|restart)
|
|
||||||
echo "Stopping $NAME: "
|
|
||||||
stop
|
|
||||||
echo "Starting $NAME: "
|
|
||||||
start
|
|
||||||
echo "... DONE"
|
|
||||||
;;
|
|
||||||
|
|
||||||
status)
|
|
||||||
if status; then
|
|
||||||
echo "FCGI is RUNNING"
|
|
||||||
else
|
|
||||||
echo "FCGI is NOT RUNNING"
|
|
||||||
fi
|
|
||||||
;;
|
|
||||||
|
|
||||||
*)
|
|
||||||
echo "Usage: $0 {start|stop|force-reload|restart|status}"
|
|
||||||
exit 1
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
exit 0
|
|
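--- a/nginx/files/systemd/spawn-fcgi-munin-graph.service
+++ b/nginx/files/systemd/spawn-fcgi-munin-graph.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=Munin zoom for nginx.
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/spawn-fcgi -s /var/run/munin/spawn-fcgi-munin-graph.sock -U www-data -u munin -g munin /usr/lib/munin/cgi/munin-cgi-graph
+Type=forking
+
+[Install]
+WantedBy=default.target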
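Review bot: `Type=forking` is declared without a `PIDFile=`, so systemd has to guess which process is the service's main one; the init script this unit replaces passed `-P $PID_FILE` to spawn-fcgi for that purpose. Adding `-P /var/run/munin/spawn-fcgi-munin-graph.pid` to `ExecStart` together with a matching `PIDFile=` line makes stop and restart tracking reliable. The unit also drops the `-F 2` worker count the init script used, and `Description=` says "Munin zoom" although the command runs munin-cgi-graph; both look unintended.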
|
@ -12,29 +12,24 @@
|
||||||
state: present
|
state: present
|
||||||
with_items:
|
with_items:
|
||||||
- liblwp-useragent-determined-perl
|
- liblwp-useragent-determined-perl
|
||||||
|
- libcgi-fast-perl
|
||||||
- spawn-fcgi
|
- spawn-fcgi
|
||||||
|
|
||||||
- name: Adjust rights for munin-cgi
|
- name: Adjust rights for munin-cgi
|
||||||
file:
|
shell: "chown --verbose www-data:munin /var/log/munin/munin-cgi-*"
|
||||||
path: '{{ item }}'
|
register: command_result
|
||||||
owner: munin
|
changed_when: "'changed' in command_result.stdout"
|
||||||
group: adm
|
args:
|
||||||
with_fileglob:
|
warn: no
|
||||||
- /var/log/munin/munin-cgi-*
|
|
||||||
|
|
||||||
- name: Install Init script for Munin-fcgi
|
- name: Install Init script for Munin-fcgi
|
||||||
copy:
|
copy:
|
||||||
src: init.d/spawn-fcgi-munin-graph
|
src: systemd/spawn-fcgi-munin-graph.service
|
||||||
dest: /etc/init.d/
|
dest: /etc/systemd/system/spawn-fcgi-munin-graph.service
|
||||||
mode: "0755"
|
|
||||||
register: install_spawn_fcgi_munin_graph
|
|
||||||
|
|
||||||
- name: Reload systemd
|
- name: Enable and start Munin-fcgi
|
||||||
command: systemctl daemon-reload
|
systemd:
|
||||||
when: install_spawn_fcgi_munin_graph | changed
|
|
||||||
|
|
||||||
- name: Ensure that Munin-fcgi is started/stopped correctly
|
|
||||||
service:
|
|
||||||
name: spawn-fcgi-munin-graph
|
name: spawn-fcgi-munin-graph
|
||||||
|
daemon_reload: yes
|
||||||
enabled: yes
|
enabled: yes
|
||||||
state: started
|
state: started
|
||||||
|
|
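Review bot: The `shell: "chown --verbose www-data:munin /var/log/munin/munin-cgi-*"` task fails the play when the glob matches nothing, because the shell hands the unexpanded pattern to chown and chown exits non-zero; that is plausible on a host where the CGI has not written a log yet. A `find` task followed by `file:` over the registered results avoids the failure and reports the changed status without parsing stdout. In the same hunk the `copy` of the unit file no longer sets a `mode`, so `mode: "0644"` should be added there, and the task name still says "Install Init script". The first task shown in the hunk starts above it.
```yaml
# … unchanged: package installation task …
- name: Find munin-cgi log files
  find:
    paths: /var/log/munin
    patterns: 'munin-cgi-*'
  register: munin_cgi_logs

- name: Adjust rights for munin-cgi
  file:
    path: '{{ item.path }}'
    owner: www-data
    group: munin
  with_items: '{{ munin_cgi_logs.files }}'
# … unchanged: unit file copy and systemd task …
```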
|
@ -4,5 +4,6 @@ ntpd_servers:
|
||||||
ntpd_acls:
|
ntpd_acls:
|
||||||
- '127.0.0.1'
|
- '127.0.0.1'
|
||||||
- '::1'
|
- '::1'
|
||||||
- '-4 ignore'
|
- '-4 default ignore'
|
||||||
- '-6 ignore'
|
- '-6 default ignore'
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,11 @@
|
||||||
---
|
---
|
||||||
|
- name: Remove openntpd package
|
||||||
|
apt:
|
||||||
|
name: openntpd
|
||||||
|
state: absent
|
||||||
|
tags:
|
||||||
|
- ntp
|
||||||
|
|
||||||
- name: Install ntp package
|
- name: Install ntp package
|
||||||
apt:
|
apt:
|
||||||
name: ntp
|
name: ntp
|
||||||
|
|
|
@ -48,6 +48,7 @@
|
||||||
- name: Custom php.ini for CLI
|
- name: Custom php.ini for CLI
|
||||||
copy:
|
copy:
|
||||||
dest: "{{ phpini_cli_custom_file }}"
|
dest: "{{ phpini_cli_custom_file }}"
|
||||||
|
mode: "0644"
|
||||||
content: |
|
content: |
|
||||||
; Put customized values here.
|
; Put customized values here.
|
||||||
force: no
|
force: no
|
||||||
|
@ -62,4 +63,3 @@
|
||||||
with_items:
|
with_items:
|
||||||
- { option: "date.timezone", value: "Europe/Paris" }
|
- { option: "date.timezone", value: "Europe/Paris" }
|
||||||
when: php_symfony_requirements
|
when: php_symfony_requirements
|
||||||
|
|
||||||
|
|
|
@ -49,6 +49,7 @@
|
||||||
- name: "Custom php.ini for CLI (Debian 9 or later)"
|
- name: "Custom php.ini for CLI (Debian 9 or later)"
|
||||||
copy:
|
copy:
|
||||||
dest: "{{ phpini_cli_custom_file }}"
|
dest: "{{ phpini_cli_custom_file }}"
|
||||||
|
mode: "0644"
|
||||||
content: |
|
content: |
|
||||||
; Put customized values here.
|
; Put customized values here.
|
||||||
; default_charset = "ISO-8859-1"
|
; default_charset = "ISO-8859-1"
|
||||||
|
|
|
@ -103,7 +103,7 @@
|
||||||
- name: enable spam.sh cron
|
- name: enable spam.sh cron
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: /etc/cron.d/spam
|
dest: /etc/cron.d/spam
|
||||||
line: "42 * * * * /usr/share/scripts/spam.sh"
|
line: "42 * * * * root /usr/share/scripts/spam.sh"
|
||||||
create: yes
|
create: yes
|
||||||
state: present
|
state: present
|
||||||
mode: "0640"
|
mode: "0640"
|
||||||
|
|
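Review bot: This `lineinfile` has no `regexp`, so on a host that already carries the old entry the corrected line is appended and the user-less `42 * * * * /usr/share/scripts/spam.sh` stays in `/etc/cron.d/spam`. Adding `regexp: 'spam\.sh'` makes the task replace the existing entry instead of adding a second one. The `sa-update.sh` cron task changed later in this commit has the same gap and would take `regexp: 'sa-update\.sh'`. The task may continue below the hunk.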
|
@ -6,7 +6,7 @@
|
||||||
changed_when: check_ftp_account.rc != 0
|
changed_when: check_ftp_account.rc != 0
|
||||||
register: check_ftp_account
|
register: check_ftp_account
|
||||||
tags:
|
tags:
|
||||||
- proftpd
|
- proftpd
|
||||||
|
|
||||||
- name: Generate FTP password
|
- name: Generate FTP password
|
||||||
command: apg -n1
|
command: apg -n1
|
||||||
|
@ -14,14 +14,14 @@
|
||||||
check_mode: no
|
check_mode: no
|
||||||
when: check_ftp_account.rc != 0
|
when: check_ftp_account.rc != 0
|
||||||
tags:
|
tags:
|
||||||
- proftpd
|
- proftpd
|
||||||
|
|
||||||
- name: Print generated password
|
- name: Print generated password
|
||||||
debug:
|
debug:
|
||||||
msg: "{{ ftp_password.stdout }}"
|
msg: "{{ ftp_password.stdout }}"
|
||||||
when: check_ftp_account.rc != 0
|
when: check_ftp_account.rc != 0
|
||||||
tags:
|
tags:
|
||||||
- proftpd
|
- proftpd
|
||||||
|
|
||||||
- name: Hash generated FTP password
|
- name: Hash generated FTP password
|
||||||
set_fact:
|
set_fact:
|
||||||
|
@ -29,7 +29,7 @@
|
||||||
check_mode: no
|
check_mode: no
|
||||||
when: check_ftp_account.rc != 0
|
when: check_ftp_account.rc != 0
|
||||||
tags:
|
tags:
|
||||||
- proftpd
|
- proftpd
|
||||||
|
|
||||||
- name: Get current FTP password
|
- name: Get current FTP password
|
||||||
shell: grep "^{{ proftpd_name }}:" /etc/proftpd/vpasswd | cut -d':' -f2
|
shell: grep "^{{ proftpd_name }}:" /etc/proftpd/vpasswd | cut -d':' -f2
|
||||||
|
@ -38,7 +38,7 @@
|
||||||
when: check_ftp_account.rc == 0
|
when: check_ftp_account.rc == 0
|
||||||
changed_when: false
|
changed_when: false
|
||||||
tags:
|
tags:
|
||||||
- proftpd
|
- proftpd
|
||||||
|
|
||||||
- name: Get current FTP password
|
- name: Get current FTP password
|
||||||
set_fact:
|
set_fact:
|
||||||
|
@ -47,7 +47,7 @@
|
||||||
when: check_ftp_account.rc == 0
|
when: check_ftp_account.rc == 0
|
||||||
changed_when: false
|
changed_when: false
|
||||||
tags:
|
tags:
|
||||||
- proftpd
|
- proftpd
|
||||||
|
|
||||||
- name: Create FTP account
|
- name: Create FTP account
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
@ -58,7 +58,7 @@
|
||||||
line: "{{ proftpd_name }}:{{ proftpd_password }}:{{ proftpd_uid }}:{{ proftpd_gid }}::{{ proftpd_home }}:/bin/false"
|
line: "{{ proftpd_name }}:{{ proftpd_password }}:{{ proftpd_uid }}:{{ proftpd_gid }}::{{ proftpd_home }}:/bin/false"
|
||||||
notify: restart proftpd
|
notify: restart proftpd
|
||||||
tags:
|
tags:
|
||||||
- proftpd
|
- proftpd
|
||||||
|
|
||||||
- name: Allow FTP account
|
- name: Allow FTP account
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
@ -68,4 +68,4 @@
|
||||||
insertbefore: "DenyAll"
|
insertbefore: "DenyAll"
|
||||||
notify: restart proftpd
|
notify: restart proftpd
|
||||||
tags:
|
tags:
|
||||||
- proftpd
|
- proftpd
|
||||||
|
|
|
@ -4,8 +4,8 @@
|
||||||
name: proftpd-basic
|
name: proftpd-basic
|
||||||
state: present
|
state: present
|
||||||
tags:
|
tags:
|
||||||
- proftpd
|
- proftpd
|
||||||
- packages
|
- packages
|
||||||
|
|
||||||
- name: ftpusers groupe exists
|
- name: ftpusers groupe exists
|
||||||
group:
|
group:
|
||||||
|
@ -13,7 +13,7 @@
|
||||||
state: present
|
state: present
|
||||||
notify: restart proftpd
|
notify: restart proftpd
|
||||||
tags:
|
tags:
|
||||||
- proftpd
|
- proftpd
|
||||||
|
|
||||||
- name: local jail is installed
|
- name: local jail is installed
|
||||||
template:
|
template:
|
||||||
|
@ -23,7 +23,7 @@
|
||||||
force: no
|
force: no
|
||||||
notify: restart proftpd
|
notify: restart proftpd
|
||||||
tags:
|
tags:
|
||||||
- proftpd
|
- proftpd
|
||||||
|
|
||||||
- name: mod_tls_memcache is disabled
|
- name: mod_tls_memcache is disabled
|
||||||
replace:
|
replace:
|
||||||
|
@ -32,7 +32,7 @@
|
||||||
replace: '#LoadModule mod_tls_memcache.c'
|
replace: '#LoadModule mod_tls_memcache.c'
|
||||||
notify: restart proftpd
|
notify: restart proftpd
|
||||||
tags:
|
tags:
|
||||||
- proftpd
|
- proftpd
|
||||||
|
|
||||||
- name: Put empty vpasswd file if missing
|
- name: Put empty vpasswd file if missing
|
||||||
copy:
|
copy:
|
||||||
|
@ -41,7 +41,7 @@
|
||||||
force: no
|
force: no
|
||||||
notify: restart proftpd
|
notify: restart proftpd
|
||||||
tags:
|
tags:
|
||||||
- proftpd
|
- proftpd
|
||||||
|
|
||||||
# Why 440? Because should be edited with ftpasswd.
|
# Why 440? Because should be edited with ftpasswd.
|
||||||
# So, readonly when opened with vim.
|
# So, readonly when opened with vim.
|
||||||
|
@ -54,4 +54,4 @@
|
||||||
group: root
|
group: root
|
||||||
notify: restart proftpd
|
notify: restart proftpd
|
||||||
tags:
|
tags:
|
||||||
- proftpd
|
- proftpd
|
||||||
|
|
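--- a/rabbitmq/defaults/main.yml
+++ b/rabbitmq/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+
+rabbitmq_connections_critical: 200
+rabbitmq_connections_warning: 150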
226
rabbitmq/files/check_rabbitmq
Normal file
226
rabbitmq/files/check_rabbitmq
Normal file
|
@ -0,0 +1,226 @@
|
||||||
|
#!/usr/bin/env python2
|
||||||
|
from optparse import OptionParser
|
||||||
|
import shlex
|
||||||
|
import subprocess
|
||||||
|
import sys
|
||||||
|
import requests
|
||||||
|
import json
|
||||||
|
|
||||||
|
if "check_output" not in dir( subprocess ): # duck punch it in!
|
||||||
|
def f(*popenargs, **kwargs):
|
||||||
|
if 'stdout' in kwargs:
|
||||||
|
raise ValueError('stdout argument not allowed, it will be overridden.')
|
||||||
|
process = subprocess.Popen(stdout=subprocess.PIPE, *popenargs, **kwargs)
|
||||||
|
output, unused_err = process.communicate()
|
||||||
|
retcode = process.poll()
|
||||||
|
if retcode:
|
||||||
|
cmd = kwargs.get("args")
|
||||||
|
if cmd is None:
|
||||||
|
cmd = popenargs[0]
|
||||||
|
raise subprocess.CalledProcessError(retcode, cmd)
|
||||||
|
return output
|
||||||
|
subprocess.check_output = f
|
||||||
|
|
||||||
|
|
||||||
|
class RabbitCmdWrapper(object):
|
||||||
|
"""So basically this just runs rabbitmqctl commands and returns parsed output.
|
||||||
|
Typically this means you need root privs for this to work.
|
||||||
|
Made this it's own class so it could be used in other monitoring tools
|
||||||
|
if desired."""
|
||||||
|
|
||||||
|
@classmethod
|
||||||
|
def list_connections(cls):
|
||||||
|
args = shlex.split("sudo rabbitmqctl list_connections")
|
||||||
|
cmd_result = subprocess.check_output(args).strip()
|
||||||
|
results = cls._parse_list_results(cmd_result)
|
||||||
|
return results
|
||||||
|
|
||||||
|
@classmethod
|
||||||
|
def list_queues(cls):
|
||||||
|
args = shlex.split('sudo rabbitmqctl list_queues')
|
||||||
|
cmd_result = subprocess.check_output(args).strip()
|
||||||
|
results = cls._parse_list_results(cmd_result)
|
||||||
|
return results
|
||||||
|
|
||||||
|
@classmethod
|
||||||
|
def status(cls):
|
||||||
|
args = shlex.split('sudo rabbitmqctl status')
|
||||||
|
cmd_result = subprocess.check_output(args).strip()
|
||||||
|
results = cls._parse_list_results(cmd_result)
|
||||||
|
return results
|
||||||
|
|
||||||
|
@classmethod
|
||||||
|
def _parse_list_results(cls, result_string):
|
||||||
|
results = result_string.strip().split('\n')
|
||||||
|
#remove text fluff
|
||||||
|
if "Listing connections ..." in results: results.remove("Listing connections ...")
|
||||||
|
if "Listing queues ..." in results: results.remove("Listing queues ...")
|
||||||
|
return_data = []
|
||||||
|
for row in results:
|
||||||
|
return_data.append(row.split('\t'))
|
||||||
|
return return_data
|
||||||
|
|
||||||
|
|
||||||
|
def check_connection_count(critical=0, warning=0):
|
||||||
|
"""Checks to make sure the numbers of connections are within parameters."""
|
||||||
|
try:
|
||||||
|
count = len(RabbitCmdWrapper.list_connections())
|
||||||
|
if count >= critical:
|
||||||
|
print "CRITICAL - Connection Count %d" % count
|
||||||
|
sys.exit(2)
|
||||||
|
elif count >= warning:
|
||||||
|
print "WARNING - Connection Count %d" % count
|
||||||
|
sys.exit(1)
|
||||||
|
else:
|
||||||
|
print "OK - Connection Count %d" % count
|
||||||
|
except Exception, err:
|
||||||
|
print "CRITICAL - %s" % err
|
||||||
|
|
||||||
|
|
||||||
|
def check_queues_count(critical=1000, warning=1000):
|
||||||
|
"""
|
||||||
|
A blanket check to make sure all queues are within count parameters.
|
||||||
|
TODO: Possibly break this out so test can be done on individual queues.
|
||||||
|
"""
|
||||||
|
try:
|
||||||
|
critical_q = []
|
||||||
|
warning_q = []
|
||||||
|
results = RabbitCmdWrapper.list_queues()
|
||||||
|
for queue in results:
|
||||||
|
if queue.count == 2:
|
||||||
|
count = int(queue[1])
|
||||||
|
if count >= critical:
|
||||||
|
critical_q.append("%s: %s" % (queue[0], count))
|
||||||
|
elif count >= warning:
|
||||||
|
warning_q.append("%s: %s" % (queue[0], count))
|
||||||
|
if critical_q:
|
||||||
|
print "CRITICAL - %s" % ", ".join(critical_q)
|
||||||
|
sys.exit(2)
|
||||||
|
elif warning_q:
|
||||||
|
print "WARNING - %s" % ", ".join(warning_q)
|
||||||
|
sys.exit(1)
|
||||||
|
else:
|
||||||
|
print "OK - NO QUEUES EXCEED THRESHOLDS"
|
||||||
|
sys.exit(0)
|
||||||
|
except Exception, err:
|
||||||
|
print "CRITICAL - %s" % err
|
||||||
|
sys.exit(2)
|
||||||
|
|
||||||
|
def check_mem_usage(critical=75, warning=50):
|
||||||
|
"""Check to make sure the RAM usage of rabbitmq process does not exceed 50%% of its max"""
|
||||||
|
try:
|
||||||
|
results = RabbitCmdWrapper.status()
|
||||||
|
|
||||||
|
for idx,val in enumerate(results):
|
||||||
|
if "memory," in str(val):
|
||||||
|
mem_used_raw = str(results[idx + 1])
|
||||||
|
if "vm_memory_limit" in str(val):
|
||||||
|
mem_limit_raw = str(val)
|
||||||
|
|
||||||
|
memory_used = float(filter(str.isdigit, mem_used_raw))
|
||||||
|
memory_limit = float(filter(str.isdigit, mem_limit_raw))
|
||||||
|
percent_usage = int(memory_used/memory_limit * 100)
|
||||||
|
|
||||||
|
if percent_usage > critical:
|
||||||
|
print "CRITICAL - RABBITMQ RAM USAGE at %s%% of max" % percent_usage
|
||||||
|
sys.exit(2)
|
||||||
|
elif percent_usage > warning:
|
||||||
|
print "WARNING - RABBITMQ RAM USAGE at %s%% of max" % percent_usage
|
||||||
|
sys.exit(1)
|
||||||
|
else:
|
||||||
|
print "OK - RABBITMQ RAM USAGE OK at %s%% of max" % percent_usage
|
||||||
|
sys.exit(0)
|
||||||
|
except Exception, err:
|
||||||
|
print "Critical - %s" % err
|
||||||
|
sys.exit(2)
|
||||||
|
|
||||||
|
def check_aliveness(username, password, timeout, cluster):
|
||||||
|
"""Declares a test queue, then publishes and consumes a message. Intended for use by monitoring tools. If everything is working correctly, will return HTTP status 200 with body"""
|
||||||
|
try:
|
||||||
|
r = requests.get("http://%s:15672/api/aliveness-test/%%2F" % cluster, auth=(username, password), timeout=timeout)
|
||||||
|
except requests.exceptions.RequestException as e: # Throw error if rabbitmq is down
|
||||||
|
print "Critical - %s" % e
|
||||||
|
sys.exit(2)
|
||||||
|
if r.status_code == 200:
|
||||||
|
print "OK - RABBITMQ Aliveness Test Returns: %s" % r
|
||||||
|
sys.exit(0)
|
||||||
|
elif r.status_code != 200:
|
||||||
|
print "CRITICAL - RabbitMQ Error: %s" % r.content
|
||||||
|
sys.exit(2)
|
||||||
|
else:
|
||||||
|
print "UNKNOWN - RABBITMQ Aliveness Test"
|
||||||
|
sys.ext(1)
|
||||||
|
|
||||||
|
def check_cluster(username, password, timeout, cluster):
|
||||||
|
"""Checks the health of a cluster, if a node is not running mark as offline """
|
||||||
|
try:
|
||||||
|
url = "http://%s:15672/api/nodes" % cluster
|
||||||
|
r = requests.get(url, auth=(username, password), timeout=timeout)
|
||||||
|
except requests.exceptions.RequestException as e: # Throw error if no response
|
||||||
|
print "Critical - %s" % e
|
||||||
|
sys.exit(2)
|
||||||
|
text = r.text
|
||||||
|
nodes = json.loads(text)
|
||||||
|
|
||||||
|
running_nodes = []
|
||||||
|
failed_nodes = []
|
||||||
|
for node in nodes:
|
||||||
|
if not node['running']:
|
||||||
|
failed_nodes.append(node['name'])
|
||||||
|
if node['running']:
|
||||||
|
running_nodes.append(node['name'])
|
||||||
|
if len(failed_nodes) == 1:
|
||||||
|
print "WARNING: RabbitMQ cluster is degraged: Not running %s" % failed_nodes[0]
|
||||||
|
sys.exit(1)
|
||||||
|
elif len(failed_nodes) >= 2:
|
||||||
|
print "CRITICAL: RabbitMQ cluster is critical: Not running %s" % failed_nodes
|
||||||
|
sys.exit(2)
|
||||||
|
else:
|
||||||
|
print "OK: RabbitMQ cluster members: %s" % (" ".join(running_nodes))
|
||||||
|
sys.exit(0)
|
||||||
|
|
||||||
|
|
||||||
|
USAGE = """Usage: ./check_rabbitmq -a [action] -C [critical] -W [warning]
|
||||||
|
Actions:
|
||||||
|
- connection_count
|
||||||
|
checks the number of connection in rabbitmq's list_connections
|
||||||
|
- queues_count
|
||||||
|
checks the count in each of the queues in rabbitmq's list_queues
|
||||||
|
- mem_usage
|
||||||
|
checks to ensure mem usage of rabbitmq process does not exceed 50%
|
||||||
|
- aliveness
|
||||||
|
Use the /api/aliveness-test API to send/receive a message. (requires -u username -p password args)
|
||||||
|
- cluster_status
|
||||||
|
Parse /api/nodes to check the cluster status. (requires -u username -p password"""
|
||||||
|
|
||||||
|
if __name__ == "__main__":
|
||||||
|
parser = OptionParser(USAGE)
|
||||||
|
parser.add_option("-a", "--action", dest="action",
|
||||||
|
help="Action to Check")
|
||||||
|
parser.add_option("-C", "--critical", dest="critical",
|
||||||
|
type="int", help="Critical Threshold")
|
||||||
|
parser.add_option("-W", "--warning", dest="warning",
|
||||||
|
type="int", help="Warning Threshold")
|
||||||
|
parser.add_option("-u", "--username", dest="username", default="guest",
|
||||||
|
type="string", help="RabbitMQ username, Default guest")
|
||||||
|
parser.add_option("-p", "--password", dest="password", default="guest",
|
||||||
|
type="string", help="RabbitMQ password, Default guest")
|
||||||
|
parser.add_option("-t", "--timeout", dest="timeout", default=1,
|
||||||
|
type="int", help="Request Timeout, defaults to 1 second")
|
||||||
|
parser.add_option("-c", "--cluster", dest="cluster", default="localhost",
|
||||||
|
type="string", help="Cluster IP/DNS name, defaults to localhost")
|
||||||
|
(options, args) = parser.parse_args()
|
||||||
|
|
||||||
|
if options.action == "connection_count":
|
||||||
|
check_connection_count(options.critical, options.warning)
|
||||||
|
elif options.action == "queues_count":
|
||||||
|
check_queues_count(options.critical, options.warning)
|
||||||
|
elif options.action == "mem_usage":
|
||||||
|
check_mem_usage(options.critical, options.warning)
|
||||||
|
elif options.action == "aliveness":
|
||||||
|
check_aliveness(options.username, options.password, options.timeout, options.cluster)
|
||||||
|
elif options.action == "cluster_status":
|
||||||
|
check_cluster(options.username, options.password, options.timeout, options.cluster)
|
||||||
|
else:
|
||||||
|
print "Invalid action: %s" % options.action
|
||||||
|
print USAGE
|
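Review bot: In `check_connection_count` the `except Exception` branch prints `CRITICAL - ...` but never exits non-zero, so when `rabbitmqctl` fails the plugin returns 0 and NRPE records the check as OK; add `sys.exit(2)` after the print, as the other checks do. In `check_queues_count`, `queue.count == 2` compares a bound method with an integer and is always false, so no queue is ever evaluated; `len(queue) == 2` is what the loop needs. `check_aliveness` ends with `sys.ext(1)`, a typo for `sys.exit`, in a branch that cannot be reached after the `== 200` / `!= 200` pair. The `-u`/`-p` options default to `guest`/`guest` and the API calls use plain `http://`, so credentials sent to a non-local `--cluster` host travel unencrypted.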
66
rabbitmq/files/rabbitmq_connections
Normal file
66
rabbitmq/files/rabbitmq_connections
Normal file
|
@ -0,0 +1,66 @@
|
||||||
|
#!/bin/sh
|
||||||
|
#
|
||||||
|
# Plugin to monitor the number of connections to RabbitMQ
|
||||||
|
#
|
||||||
|
# Usage: Link or copy into /etc/munin/node.d/
|
||||||
|
#
|
||||||
|
# Parameters
|
||||||
|
# env.conn_warn <warning connections>
|
||||||
|
# env.conn_crit <critical connections>
|
||||||
|
#
|
||||||
|
# Magic markers (optional - only used by munin-config and some
|
||||||
|
# installation scripts):
|
||||||
|
#
|
||||||
|
#%# family=auto
|
||||||
|
#%# capabilities=autoconf
|
||||||
|
|
||||||
|
# If run with the "autoconf"-parameter, give our opinion on wether we
|
||||||
|
# should be run on this system or not. This is optinal, and only used by
|
||||||
|
# munin-config. In the case of this plugin, we should most probably
|
||||||
|
# always be included.
|
||||||
|
|
||||||
|
if [ "$1" = "autoconf" ]; then
|
||||||
|
echo yes
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
HOME=/tmp/
|
||||||
|
|
||||||
|
# If run with the "config"-parameter, give out information on how the
|
||||||
|
# graphs should look.
|
||||||
|
|
||||||
|
if [ "$1" = "config" ]; then
|
||||||
|
CONN_WARN=${queue_warn:-500}
|
||||||
|
CONN_CRIT=${queue_crit:-1000}
|
||||||
|
|
||||||
|
# The host name this plugin is for. (Can be overridden to have
|
||||||
|
# one machine answer for several)
|
||||||
|
|
||||||
|
# The title of the graph
|
||||||
|
echo 'graph_title RabbitMQ connections'
|
||||||
|
# Arguments to "rrdtool graph". In this case, tell it that the
|
||||||
|
# lower limit of the graph is '0', and that 1k=1000 (not 1024)
|
||||||
|
echo 'graph_args --base 1000 -l 0'
|
||||||
|
# The Y-axis label
|
||||||
|
echo 'graph_vlabel connections'
|
||||||
|
# We want Cur/Min/Avg/Max unscaled (i.e. 0.42 load instead of
|
||||||
|
# 420 milliload)
|
||||||
|
#echo 'graph_scale no'
|
||||||
|
echo 'graph_category RabbitMQ'
|
||||||
|
|
||||||
|
echo "connections.label Connections"
|
||||||
|
echo "connections.warning $CONN_WARN"
|
||||||
|
echo "connections.critical $CONN_CRIT"
|
||||||
|
echo "connections.info Number of active connections"
|
||||||
|
|
||||||
|
echo 'graph_info Shows the number of connections to RabbitMQ'
|
||||||
|
# Last, if run with the "config"-parameter, quit here (don't
|
||||||
|
# display any data)
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
# If not run with any parameters at all (or only unknown ones), do the
|
||||||
|
# real work - i.e. display the data. Almost always this will be
|
||||||
|
# "value" subfield for every data field.
|
||||||
|
|
||||||
|
echo "connections.value $(HOME=$HOME rabbitmqctl list_connections | grep -v "^Listing" | grep -v "done.$" | wc -l)"
|
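Review bot: The header documents `env.conn_warn` and `env.conn_crit`, but the config branch reads `${queue_warn:-500}` and `${queue_crit:-1000}`, so thresholds set under the documented names are ignored; use `CONN_WARN=${conn_warn:-500}` and `CONN_CRIT=${conn_crit:-1000}`. `HOME=/tmp/` gives `rabbitmqctl` a world-writable home directory; it presumably looks for its Erlang cookie there, so a directory that only the plugin's user can write would be safer. A comment next to the assignment should say why `HOME` has to be overridden at all.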
|
@ -4,3 +4,12 @@
|
||||||
name: rabbitmq-server
|
name: rabbitmq-server
|
||||||
state: restarted
|
state: restarted
|
||||||
|
|
||||||
|
- name: restart nagios-nrpe-server
|
||||||
|
service:
|
||||||
|
name: nagios-nrpe-server
|
||||||
|
state: restarted
|
||||||
|
|
||||||
|
- name: restart munin-node
|
||||||
|
service:
|
||||||
|
name: munin-node
|
||||||
|
state: restarted
|
||||||
|
|
|
@ -27,3 +27,25 @@
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: /etc/default/rabbitmq-server
|
dest: /etc/default/rabbitmq-server
|
||||||
line: ulimit -n 2048
|
line: ulimit -n 2048
|
||||||
|
|
||||||
|
- name: is NRPE present ?
|
||||||
|
stat:
|
||||||
|
path: /etc/nagios/nrpe.d/evolix.cfg
|
||||||
|
check_mode: no
|
||||||
|
register: nrpe_evolix_config
|
||||||
|
tags:
|
||||||
|
- nrpe
|
||||||
|
|
||||||
|
- include: nrpe.yml
|
||||||
|
when: nrpe_evolix_config.stat.exists
|
||||||
|
|
||||||
|
- name: is Munin present ?
|
||||||
|
stat:
|
||||||
|
path: /etc/munin
|
||||||
|
check_mode: no
|
||||||
|
register: etc_munin_directory
|
||||||
|
tags:
|
||||||
|
- nrpe
|
||||||
|
|
||||||
|
- include: munin.yml
|
||||||
|
when: etc_munin_directory.stat.exists
|
||||||
|
|
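Review bot: The `is Munin present ?` task is tagged `nrpe`, which looks copied from the NRPE task above it; `- munin` would match the tags used in `munin.yml`. Neither `include` carries tags of its own, so a run limited with `--tags` may skip a `stat` task while the included tasks still evaluate `when:` against a `register` variable that was never set. Tagging each `include` the same way as its `stat` task keeps the pair together.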
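--- a/rabbitmq/tasks/munin.yml
+++ b/rabbitmq/tasks/munin.yml
@@ -0,0 +1,45 @@
+---
+
+- include_role:
+name: remount-usr
+tags:
+- rabbitmq
+- munin
+
+- name: Create local munin directory
+file:
+name: /usr/local/share/munin/
+state: directory
+mode: "0755"
+tags:
+- rabbitmq
+- munin
+
+- name: Create local plugins directory
+file:
+name: /usr/local/share/munin/plugins/
+state: directory
+mode: "0755"
+tags:
+- rabbitmq
+- munin
+
+- name: Copy rabbitmq_connections munin plugin
+copy:
+src: rabbitmq_connections
+dest: /usr/local/share/munin/plugins/rabbitmq_connections
+mode: "0755"
+notify: restart munin-node
+tags:
+- rabbitmq
+- munin
+
+- name: Enable rabbitmq_connections munin plugin
+file:
+src: /usr/local/share/munin/plugins/rabbitmq_connections
+dest: "/etc/munin/plugins/rabbitmq_connections"
+state: link
+notify: restart munin-node
+tags:
+- rabbitmq
+- munin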
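--- a/rabbitmq/tasks/nrpe.yml
+++ b/rabbitmq/tasks/nrpe.yml
@@ -0,0 +1,34 @@
+---
+
+- name: check_rabbitmq dependencies
+apt:
+name: python-requests
+state: installed
+
+- include_role:
+name: remount-usr
+
+# https://raw.githubusercontent.com/CaptPhunkosis/check_rabbitmq/master/check_rabbitmq
+- name: check_rabbitmq is installed
+copy:
+src: check_rabbitmq
+dest: /usr/local/lib/nagios/plugins/check_rabbitmq
+owner: root
+group: root
+mode: "0755"
+force: yes
+
+- name: check_rabbitmq is available for NRPE
+lineinfile:
+dest: /etc/nagios/nrpe.d/evolix.cfg
+regexp: 'command\[check_rab_connection_count\]'
+line: 'command[check_rab_connection_count]=sudo /usr/local/lib/nagios/plugins/check_rabbitmq -a connection_count -C {{ rabbitmq_connections_critical }} -W {{ rabbitmq_connections_warning }}'
+notify: restart nagios-nrpe-server
+
+- name: sudo without password for nagios
+lineinfile:
+dest: /etc/sudoers.d/evolinux
+regexp: 'check_rabbitmq'
+line: 'nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_rabbitmq'
+insertafter: '^nagios'
+validate: "visudo -cf %s"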
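Review bot: The sudoers entry `nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_rabbitmq` lets the nagios user run the plugin as root with any arguments, while NRPE only needs one fixed invocation. Listing the arguments in the sudoers command, e.g. `nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_rabbitmq -a connection_count -C {{ rabbitmq_connections_critical }} -W {{ rabbitmq_connections_warning }}`, keeps the grant to what is actually used. The plugin is vendored from the `master` branch URL in the comment, so recording the upstream commit it was copied from would make later updates reviewable. `state: installed` is a deprecated alias in the apt module; `state: present` is the current spelling.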
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
rbenv_version: v1.1.0
|
rbenv_version: v1.1.1
|
||||||
rbenv_ruby_version: 2.4.1
|
rbenv_ruby_version: 2.4.2
|
||||||
rbenv_root: "~/.rbenv"
|
rbenv_root: "~/.rbenv"
|
||||||
rbenv_repo: "https://github.com/rbenv/rbenv.git"
|
rbenv_repo: "https://github.com/rbenv/rbenv.git"
|
||||||
rbenv_plugins:
|
rbenv_plugins:
|
||||||
|
|
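--- a/remount-usr/README.md
+++ b/remount-usr/README.md
@@ -0,0 +1,13 @@
+# remount-usr
+
+This is a role for mount /usr partition in rw and remount it with a handler.
+Usefull when you use ro option in your /etc/fstab for /usr partition.
+
+## Usage
+
+Include this role in task before write on /usr partition (eg. copy a file) :
+
+~~~
+- include_role:
+name: remount-usr
+~~~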
|
@ -43,7 +43,7 @@
|
||||||
- name: enable sa-update.sh cron
|
- name: enable sa-update.sh cron
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: /etc/cron.d/sa-update
|
dest: /etc/cron.d/sa-update
|
||||||
line: "42 6 5 1,4,7,10 * /usr/share/scripts/sa-update.sh"
|
line: "42 6 5 1,4,7,10 * root /usr/share/scripts/sa-update.sh"
|
||||||
create: yes
|
create: yes
|
||||||
state: present
|
state: present
|
||||||
mode: "0640"
|
mode: "0640"
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
# tomcat
|
# tomcat
|
||||||
|
|
||||||
Install a Tomcat depndancies for multiple tomcat instance.
|
Install Tomcat and its dependencies for multiple instances.
|
||||||
|
|
||||||
## Available variables
|
## Available variables
|
||||||
|
|
||||||
**tomcat_instance_root:** Root dir for Tomcat instance (default: /srv/tomcat)
|
**tomcat_instance_root**: Root dir for Tomcat instance (default: /srv/tomcat)
|
||||||
|
|
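--- a/tomcat/files/tomcat_stretch.service
+++ b/tomcat/files/tomcat_stretch.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Tomcat %u.
+After=network.target
+
+[Service]
+WorkingDirectory=%h
+Environment="CATALINA_BASE=%h"
+EnvironmentFile=%h/conf/env
+UMask=0002
+ExecStart=/usr/share/tomcat8/bin/startup.sh
+ExecStop=/usr/share/tomcat8/bin/shutdown.sh
+Type=forking
+
+[Install]
+WantedBy=default.target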
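Review bot: `UMask=0002` makes every file Tomcat creates group-writable, including logs and unpacked webapps, so any other member of the instance's group can modify them. If that is required for a shared per-instance group, a comment above the line should say so, for example `# group-writable on purpose: deploy users share the instance group`; otherwise `UMask=0027` is a tighter default. `Type=forking` is also set without a `PIDFile=`, so systemd has to guess the main process started by `startup.sh`.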
|
@ -1,3 +1,8 @@
|
||||||
---
|
---
|
||||||
- include: packages.yml
|
- include: packages_jessie.yml
|
||||||
|
when: ansible_distribution_release == "jessie"
|
||||||
|
|
||||||
|
- include: packages_stretch.yml
|
||||||
|
when: ansible_distribution_major_version | version_compare('9', '>=')
|
||||||
|
|
||||||
- include: nagios.yml
|
- include: nagios.yml
|
||||||
|
|
|
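Review bot: The two `when` conditions are not complementary: the first matches only the release name `jessie`, the second matches any major version of 9 or more, and neither checks `ansible_distribution`. A host older than jessie skips both includes without an error and still runs `nagios.yml`, and a non-Debian host whose major version is above 9 would take the stretch path. Keying both on the same fact, e.g. `when: ansible_distribution_major_version == "8"` for the jessie include, and adding an explicit failure for unsupported releases would make the split exhaustive.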
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
- name: Install dependancy
|
- name: Install packages
|
||||||
apt:
|
apt:
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
state: present
|
state: present
|
||||||
|
@ -18,7 +18,7 @@
|
||||||
|
|
||||||
- name: Copy systemd unit
|
- name: Copy systemd unit
|
||||||
copy:
|
copy:
|
||||||
src: 'tomcat.service'
|
src: 'tomcat_jessie.service'
|
||||||
dest: "/etc/systemd/user/tomcat.service"
|
dest: "/etc/systemd/user/tomcat.service"
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
|
|
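--- /dev/null
+++ b/tomcat/tasks/packages_stretch.yml
@@ -0,0 +1,29 @@
+---
+- name: Install packages
+apt:
+name: "{{ item }}"
+state: present
+with_items:
+- 'tomcat8'
+- 'tomcat8-user'
+- 'libpam-systemd'
+
+- name: Create tomcat root dir
+file:
+path: "{{ tomcat_instance_root }}"
+state: directory
+owner: 'root'
+group: 'root'
+mode: "0755"
+
+- name: Copy systemd unit
+copy:
+src: 'tomcat_stretch.service'
+dest: "/etc/systemd/user/tomcat.service"
+mode: "0755"
+
+- name: Disable default tomcat8 service
+service:
+name: tomcat8
+state: stopped
+enabled: false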
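Review bot: The `Copy systemd unit` task installs `/etc/systemd/user/tomcat.service` with `mode: "0755"` and no `owner`/`group`, unlike the `Create tomcat root dir` task just above it. A unit file is configuration rather than a program; systemd logs a warning for unit files marked executable, and the ownership is left to whichever user the play runs as. I would write `mode: "0644"` together with `owner: 'root'` and `group: 'root'`. The jessie variant of this task, shown earlier on the page, carries the same `mode: "0755"`.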
@ -5,6 +5,12 @@
|
||||||
state: reloaded
|
state: reloaded
|
||||||
daemon_reload: yes
|
daemon_reload: yes
|
||||||
|
|
||||||
|
- name: restart varnish
|
||||||
|
systemd:
|
||||||
|
name: varnish
|
||||||
|
state: restarted
|
||||||
|
daemon_reload: yes
|
||||||
|
|
||||||
- name: reload systemd
|
- name: reload systemd
|
||||||
command: systemctl daemon-reload
|
command: systemctl daemon-reload
|
||||||
|
|
||||||
|
|
|
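Review bot: `restart varnish` is defined above `reload systemd`, and Ansible runs notified handlers in the order they are defined, not the order they appear in a task's `notify` list. When a task notifies both, the restart therefore happens before the separate `systemctl daemon-reload`, and it picks up unit changes only because the handler carries its own `daemon_reload: yes`. A comment on the handler would keep that line from being removed later, e.g. `# daemon_reload is required here: this handler runs before "reload systemd"`. The `reload varnish` handler above it starts outside this hunk.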
@ -14,6 +14,7 @@
|
||||||
- /etc/default/varnish
|
- /etc/default/varnish
|
||||||
- /etc/default/varnishncsa
|
- /etc/default/varnishncsa
|
||||||
- /etc/default/varnishlog
|
- /etc/default/varnishlog
|
||||||
|
notify: reload varnish
|
||||||
tags:
|
tags:
|
||||||
- varnish
|
- varnish
|
||||||
|
|
||||||
|
@ -24,6 +25,7 @@
|
||||||
mode: "0700"
|
mode: "0700"
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
|
notify: reload varnish
|
||||||
tags:
|
tags:
|
||||||
- varnish
|
- varnish
|
||||||
|
|
||||||
|
@ -39,7 +41,9 @@
|
||||||
src: varnish.conf.j2
|
src: varnish.conf.j2
|
||||||
dest: /etc/systemd/system/varnish.service.d/evolinux.conf
|
dest: /etc/systemd/system/varnish.service.d/evolinux.conf
|
||||||
force: yes
|
force: yes
|
||||||
notify: reload systemd
|
notify:
|
||||||
|
- reload systemd
|
||||||
|
- restart varnish
|
||||||
tags:
|
tags:
|
||||||
- varnish
|
- varnish
|
||||||
|
|
||||||
|
|
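Review bot: In the last hunk the `notify` list makes every change to the rendered `evolinux.conf` drop-in restart Varnish, and the task does not say that this is intended. A restart is what applies a changed drop-in, but it also empties Varnish's cache unless persistent storage is configured (not visible here), so the first play after a template edit leaves a cold cache. A comment above `notify:` would record the trade-off, e.g. `# drop-in changes only apply on restart; this empties the cache`. The task's opening lines are outside the hunk.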