ansible-roles/munin/tasks/main.yml

147 lines
3.2 KiB
YAML

---
- name: Ensure that Munin (and useful dependencies) is installed
apt:
name:
- munin
- munin-node
- munin-plugins-core
- munin-plugins-extra
- gawk
state: present
tags:
- munin
- packages
- name: Ensure /usr is still writable
include_role:
name: evolix/remount-usr
- block:
- name: Replace localdomain in Munin config
replace:
dest: /etc/munin/munin.conf
regexp: 'localhost.localdomain'
replace: '{{ ansible_fqdn }}'
notify: restart munin-node
- name: Rename the localdomain data dir
shell: "mv /var/lib/munin/localdomain /var/lib/munin/{{ ansible_domain }} && rename \"s/localhost.localdomain/{{ ansible_fqdn }}/\" /var/lib/munin/{{ ansible_domain }}/*"
args:
creates: /var/lib/munin/{{ ansible_domain }}
removes: /var/lib/munin/localdomain
notify: restart munin-node
when: not ansible_hostname == "localdomain"
when: not ansible_check_mode
tags:
- munin
- include_role:
name: evolix/remount-usr
- name: Install some Munin plugins (disabled)
copy:
src: 'plugins/{{ item }}'
dest: '/usr/share/munin/plugins/{{ item }}'
loop:
- dhcp_pool
tags:
- munin
- name: Ensure some Munin plugins are disabled
file:
path: '/etc/munin/plugins/{{ item }}'
state: absent
loop:
- http_loadtime
- exim_mailqueue
- exim_mailstats
- nfsd
- nfsd4
- nfs_client
- nfs4_client
notify: restart munin-node
tags:
- munin
- name: Ensure some Munin plugins are enabled
file:
src: "/usr/share/munin/plugins/{{ item }}"
dest: "/etc/munin/plugins/{{ item }}"
state: link
loop:
- meminfo
- netstat_multi
- tcp
- postfix_mailqueue
- postfix_mailstats
- postfix_mailvolume
notify: restart munin-node
tags:
- munin
when: not ansible_check_mode
- name: Enable sensors_ plugin on dedicated hardware
file:
src: /usr/share/munin/plugins/sensors_
dest: "/etc/munin/plugins/sensors_{{ item }}"
state: link
with_items:
- fan
- temp
when: ansible_virtualization_role == "host"
notify: restart munin-node
tags:
- munin
when: not ansible_check_mode
- name: Enable ipmi_ plugin on dedicated hardware
file:
src: /usr/share/munin/plugins/ipmi_
dest: "/etc/munin/plugins/ipmi_{{ item }}"
state: link
when: ansible_virtualization_role == "host"
notify: restart munin-node
with_items:
- fans
- temp
- power
- volts
when: not ansible_check_mode
- name: adjustments for grsec kernel
blockinfile:
dest: /etc/munin/plugin-conf.d/munin-node
marker: "# {mark} ANSIBLE MANAGED GRSECURITY CUSTOMIZATIONS"
block: |
[processes]
user root
[vmstat]
user root
[swap]
user root
when: ansible_kernel is search("-grs-")
- name: Create override directory for munin-node unit
file:
name: /etc/systemd/system/munin-node.service.d/
state: directory
mode: "0755"
- name: Override is present for protected home
ini_file:
dest: "/etc/systemd/system/munin-node.service.d/override.conf"
section: "Service"
option: "ProtectHome"
value: "false"
state: present
create: yes
mode: "0644"
notify:
- systemd daemon-reload
- restart munin-node