Jérémy Lecour
ee21973371
All checks were successful
Ansible Lint |Total|New|Outstanding|Fixed|Trend
|:-:|:-:|:-:|:-:|:-:
|2777|524|2253|2462|:+1:
Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/223//ansiblelint">Evolix » ansible-roles » unstable #223</a>
gitea/ansible-roles/pipeline/head This commit looks good
Fully Qualified Collection Name
144 lines
3.3 KiB
YAML
144 lines
3.3 KiB
YAML
---
|
|
|
|
- name: Ensure that Munin (and useful dependencies) is installed
|
|
ansible.builtin.apt:
|
|
name:
|
|
- munin
|
|
- munin-node
|
|
- munin-plugins-core
|
|
- munin-plugins-extra
|
|
- gawk
|
|
state: present
|
|
tags:
|
|
- munin
|
|
- packages
|
|
|
|
- name: Ensure /usr is still writable
|
|
ansible.builtin.include_role:
|
|
name: evolix/remount-usr
|
|
|
|
- block:
|
|
- name: Replace localdomain in Munin config
|
|
ansible.builtin.replace:
|
|
dest: /etc/munin/munin.conf
|
|
regexp: 'localhost.localdomain'
|
|
replace: '{{ ansible_fqdn }}'
|
|
notify: restart munin-node
|
|
|
|
- name: Rename the localdomain data dir
|
|
ansible.builtin.shell:
|
|
cmd: "mv /var/lib/munin/localdomain /var/lib/munin/{{ ansible_domain }} && rename \"s/localhost.localdomain/{{ ansible_fqdn }}/\" /var/lib/munin/{{ ansible_domain }}/*"
|
|
args:
|
|
creates: /var/lib/munin/{{ ansible_domain }}
|
|
removes: /var/lib/munin/localdomain
|
|
notify: restart munin-node
|
|
|
|
when: not ansible_hostname == "localdomain"
|
|
tags:
|
|
- munin
|
|
|
|
- ansible.builtin.include_role:
|
|
name: evolix/remount-usr
|
|
|
|
- name: Install some Munin plugins (disabled)
|
|
ansible.builtin.copy:
|
|
src: 'plugins/{{ item }}'
|
|
dest: '/usr/share/munin/plugins/{{ item }}'
|
|
loop:
|
|
- dhcp_pool
|
|
tags:
|
|
- munin
|
|
|
|
- name: Ensure some Munin plugins are disabled
|
|
ansible.builtin.file:
|
|
path: '/etc/munin/plugins/{{ item }}'
|
|
state: absent
|
|
loop:
|
|
- http_loadtime
|
|
- exim_mailqueue
|
|
- exim_mailstats
|
|
- nfsd
|
|
- nfsd4
|
|
- nfs_client
|
|
- nfs4_client
|
|
notify: restart munin-node
|
|
tags:
|
|
- munin
|
|
|
|
- name: Ensure some Munin plugins are enabled
|
|
ansible.builtin.file:
|
|
src: "/usr/share/munin/plugins/{{ item }}"
|
|
dest: "/etc/munin/plugins/{{ item }}"
|
|
state: link
|
|
loop:
|
|
- meminfo
|
|
- netstat_multi
|
|
- tcp
|
|
- postfix_mailqueue
|
|
- postfix_mailstats
|
|
- postfix_mailvolume
|
|
notify: restart munin-node
|
|
tags:
|
|
- munin
|
|
|
|
- name: Enable sensors_ plugin on dedicated hardware
|
|
ansible.builtin.file:
|
|
src: /usr/share/munin/plugins/sensors_
|
|
dest: "/etc/munin/plugins/sensors_{{ item }}"
|
|
state: link
|
|
with_items:
|
|
- fan
|
|
- temp
|
|
when: ansible_virtualization_role == "host"
|
|
notify: restart munin-node
|
|
tags:
|
|
- munin
|
|
|
|
- name: Enable ipmi_ plugin on dedicated hardware
|
|
ansible.builtin.file:
|
|
src: /usr/share/munin/plugins/ipmi_
|
|
dest: "/etc/munin/plugins/ipmi_{{ item }}"
|
|
state: link
|
|
when: ansible_virtualization_role == "host"
|
|
notify: restart munin-node
|
|
with_items:
|
|
- fans
|
|
- temp
|
|
- power
|
|
- volts
|
|
|
|
- name: adjustments for grsec kernel
|
|
ansible.builtin.blockinfile:
|
|
dest: /etc/munin/plugin-conf.d/munin-node
|
|
marker: "# {mark} ANSIBLE MANAGED GRSECURITY CUSTOMIZATIONS"
|
|
block: |
|
|
|
|
[processes]
|
|
user root
|
|
|
|
[vmstat]
|
|
user root
|
|
|
|
[swap]
|
|
user root
|
|
when: ansible_kernel is search("-grs-")
|
|
|
|
- name: Create override directory for munin-node unit
|
|
ansible.builtin.file:
|
|
name: /etc/systemd/system/munin-node.service.d/
|
|
state: directory
|
|
mode: "0755"
|
|
|
|
- name: Override is present for protected home
|
|
community.general.ini_file:
|
|
dest: "/etc/systemd/system/munin-node.service.d/override.conf"
|
|
section: "Service"
|
|
option: "ProtectHome"
|
|
value: "false"
|
|
state: present
|
|
create: yes
|
|
mode: "0644"
|
|
notify:
|
|
- systemd daemon-reload
|
|
- restart munin-node
|