Compare commits
80 Commits
yanicfix-s
...
master
Author | SHA1 | Date | |
---|---|---|---|
37b955a65c | |||
443414cfd1 | |||
05b5757ffd | |||
87b21ca773 | |||
90cb6966a7 | |||
8ad13bcd95 | |||
3e9f20fa32 | |||
42ac102e8f | |||
2c17b101a3 | |||
ea4a4f1c24 | |||
e6d7a0ed9d | |||
e9095ae0a3 | |||
8f4e99d4f3 | |||
879a01649a | |||
963b676f95 | |||
0653790816 | |||
d9775e2071 | |||
bbc30c025e | |||
4eab827a06 | |||
8aaf5235b2 | |||
9e24b7cab0 | |||
1465481113 | |||
22724967e0 | |||
9f057f2389 | |||
65400002dd | |||
7ab2642b4b | |||
de03068166 | |||
cab4994899 | |||
27c2f0b452 | |||
|
806c1b3e51 | ||
|
4bf5099ab2 | ||
5020612824 | |||
a49ed72fe4 | |||
2de5cdfdaf | |||
2a89b85d36 | |||
5ab29feb17 | |||
75827d1202 | |||
fb4c22eabf | |||
87664d0158 | |||
9530ed5e09 | |||
c7777e45da | |||
52a364d2ef | |||
e429538540 | |||
f4b94ff2c5 | |||
4972d0cafb | |||
c4456da825 | |||
5b6ed5bcbf | |||
1af34c4f90 | |||
99c1add95f | |||
6c54d99914 | |||
b9861845c3 | |||
df8b7ba21c | |||
32aefbb0f6 | |||
015e75fa2b | |||
15d3da93b2 | |||
629bb169ac | |||
4c63ba2586 | |||
9aa91059d2 | |||
9c6d490f1c | |||
f39df70307 | |||
59248f4ef8 | |||
4f45d615a5 | |||
9f50cb58b3 | |||
73a9300408 | |||
26d5037e26 | |||
26bd85279c | |||
ef9303ecf7 | |||
ac79d8f35c | |||
e2ba2e8ca5 | |||
7214833ecc | |||
c79f497a09 | |||
3d8072520e | |||
0e7ecfca34 | |||
6c1c6b8abd | |||
779b361aec | |||
215610b2db | |||
7c405d3b91 | |||
1da5ef70e5 | |||
c196bc4483 | |||
8fabdc2550 |
|
@ -75,17 +75,6 @@ pve_targets:
|
|||
- pve01.ffrgb
|
||||
- pve02.ffrgb
|
||||
|
||||
telegraf_influxdb_url: stats.regensburg.freifunk.net:8086
|
||||
telegraf_influxdb_database: wgstats
|
||||
telegraf_influxdb_username: admin
|
||||
telegraf_influxdb_password: "{{ vault_yanic_influx_pw }}"
|
||||
telegraf_plugins_base:
|
||||
- name: wireguard
|
||||
options:
|
||||
devices:
|
||||
- "wg-{{ site_code }}"
|
||||
|
||||
|
||||
site: ffrgb
|
||||
site_domain: regensburg.freifunk.net
|
||||
|
||||
|
|
|
@ -18,3 +18,5 @@ fastd_port: 10010
|
|||
gateway_id: 11
|
||||
|
||||
site_code: ffrgb_cty
|
||||
|
||||
ntp_server: true
|
||||
|
|
|
@ -18,3 +18,5 @@ fastd_port: 10010
|
|||
gateway_id: 12
|
||||
|
||||
site_code: ffrgb_cty
|
||||
|
||||
ntp_server: true
|
||||
|
|
|
@ -18,3 +18,5 @@ mesh_wg_privkey: "{{ vault_mesh_wg_privkey_uml }}"
|
|||
gateway_id: 21
|
||||
|
||||
site_code: ffrgb_uml
|
||||
|
||||
ntp_server: true
|
||||
|
|
|
@ -18,3 +18,5 @@ mesh_wg_privkey: "{{ vault_mesh_wg_privkey_uml }}"
|
|||
gateway_id: 22
|
||||
|
||||
site_code: ffrgb_uml
|
||||
|
||||
ntp_server: true
|
||||
|
|
|
@ -20,3 +20,5 @@ gateway_id: 31
|
|||
site_code: ffrgb_tst
|
||||
|
||||
nat_pool: 194.156.22.32-194.156.22.33
|
||||
|
||||
ntp_server: true
|
||||
|
|
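--- /dev/null
+++ b/host_vars/resolver.regensburg.freifunk.net
@@ -0,0 +1,3 @@
+---
+
+acertmgr_mode: standalone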
|
|
@ -1,4 +1,4 @@
|
|||
#!/usr/bin/env python
|
||||
#!/usr/bin/env python3
|
||||
|
||||
EXAMPLES = '''
|
||||
# Generates a fastd key
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
// Unattended-Upgrade::Origins-Pattern controls which packages are
|
||||
// upgraded.
|
||||
//
|
||||
// Lines below have the format format is "keyword=value,...". A
|
||||
// Lines below have the format "keyword=value,...". A
|
||||
// package will be upgraded only if the values in its metadata match
|
||||
// all the supplied keywords in a line. (In other words, omitted
|
||||
// keywords are wild cards.) The keywords originate from the Release
|
||||
|
@ -30,6 +30,7 @@ Unattended-Upgrade::Origins-Pattern {
|
|||
// "origin=Debian,codename=${distro_codename}-proposed-updates";
|
||||
"origin=Debian,codename=${distro_codename},label=Debian";
|
||||
"origin=Debian,codename=${distro_codename},label=Debian-Security";
|
||||
"origin=Debian,codename=${distro_codename}-security,label=Debian-Security";
|
||||
|
||||
// Archive or Suite based matching:
|
||||
// Note that this will silently match a different release after
|
||||
|
@ -92,9 +93,11 @@ Unattended-Upgrade::Package-Blacklist {
|
|||
// 'mailx' must be installed. E.g. "user@example.com"
|
||||
Unattended-Upgrade::Mail "root";
|
||||
|
||||
// Set this value to "true" to get emails only on errors. Default
|
||||
// is to always send a mail if Unattended-Upgrade::Mail is set
|
||||
Unattended-Upgrade::MailOnlyOnError "true";
|
||||
// Set this value to one of:
|
||||
// "always", "only-on-error" or "on-change"
|
||||
// If this is not set, then any legacy MailOnlyOnError (boolean) value
|
||||
// is used to chose between "only-on-error" and "on-change"
|
||||
Unattended-Upgrade::MailReport "only-on-error";
|
||||
|
||||
// Remove unused automatically installed kernel-related packages
|
||||
// (kernel images, kernel headers and kernel version locked tools).
|
||||
|
@ -144,3 +147,18 @@ Unattended-Upgrade::Automatic-Reboot "false";
|
|||
// Print debugging information both in unattended-upgrades and
|
||||
// in unattended-upgrade-shutdown
|
||||
// Unattended-Upgrade::Debug "false";
|
||||
|
||||
// Allow package downgrade if Pin-Priority exceeds 1000
|
||||
// Unattended-Upgrade::Allow-downgrade "false";
|
||||
|
||||
// When APT fails to mark a package to be upgraded or installed try adjusting
|
||||
// candidates of related packages to help APT's resolver in finding a solution
|
||||
// where the package can be upgraded or installed.
|
||||
// This is a workaround until APT's resolver is fixed to always find a
|
||||
// solution if it exists. (See Debian bug #711128.)
|
||||
// The fallback is enabled by default, except on Debian's sid release because
|
||||
// uninstallable packages are frequent there.
|
||||
// Disabling the fallback speeds up unattended-upgrades when there are
|
||||
// uninstallable packages at the expense of rarely keeping back packages which
|
||||
// could be upgraded or installed.
|
||||
// Unattended-Upgrade::Allow-APT-Mark-Fallback "true";
|
||||
|
|
|
@ -30,10 +30,10 @@
|
|||
copy: src={{ item.src }} dest={{ item.dest }}
|
||||
diff: no
|
||||
with_items:
|
||||
- { src: '.zshrc', dest: '/root/.zshrc' }
|
||||
- { src: '.zshrc.local', dest: '/root/.zshrc.local' }
|
||||
- { src: 'motd', dest: '/etc/motd' }
|
||||
- { src: 'vimrc.local', dest: '/etc/vim/vimrc.local' }
|
||||
- { src: ".zshrc", dest: "/root/.zshrc" }
|
||||
- { src: ".zshrc.local", dest: "/root/.zshrc.local" }
|
||||
- { src: "motd", dest: "/etc/motd" }
|
||||
- { src: "vimrc.local", dest: "/etc/vim/vimrc.local" }
|
||||
|
||||
- name: Set shell for root user
|
||||
user: name=root shell=/bin/zsh
|
||||
|
@ -52,8 +52,8 @@
|
|||
- name: Prevent normal users from running su
|
||||
lineinfile:
|
||||
path: /etc/pam.d/su
|
||||
regexp: '^.*auth\s+required\s+pam_wheel.so$'
|
||||
line: 'auth required pam_wheel.so'
|
||||
regexp: "^.*auth\\s+required\\s+pam_wheel.so$"
|
||||
line: "auth required pam_wheel.so"
|
||||
|
||||
- name: Configure journald retention
|
||||
lineinfile:
|
||||
|
|
|
@ -2,5 +2,5 @@
|
|||
|
||||
dhcpd_interfaces: br-{{ site_code }}
|
||||
dhcpd_first: "{{ batman_ipv4 | ipaddr('512') | ipaddr('address') }}"
|
||||
dhcpd_last: "{{ batman_ipv4 | ipaddr('2558') | ipaddr('address') }}"
|
||||
dhcpd_last: "{{ batman_ipv4 | ipaddr('4606') | ipaddr('address') }}"
|
||||
name_server: "{{ batman_ipv4 | ipaddr('address') }}"
|
||||
|
|
|
@ -1,11 +1,5 @@
|
|||
---
|
||||
|
||||
- name: Enable powerdns apt-key
|
||||
apt_key: url='https://repo.powerdns.com/FD380FBB-pub.asc'
|
||||
|
||||
- name: Enable powerdns repository
|
||||
apt_repository: repo='deb http://repo.powerdns.com/debian buster-auth-43 main'
|
||||
|
||||
- name: Install powerdns
|
||||
apt:
|
||||
name:
|
||||
|
|
|
@ -29,3 +29,7 @@ master=yes
|
|||
#
|
||||
# only-notify=0.0.0.0/0,::/0
|
||||
only-notify=
|
||||
|
||||
# security-poll-suffix Domain name from which to query security update notifications
|
||||
#
|
||||
security-poll-suffix=
|
||||
|
|
|
@ -1,11 +1,5 @@
|
|||
---
|
||||
|
||||
- name: Enable powerdns apt-key
|
||||
apt_key: url='https://repo.powerdns.com/FD380FBB-pub.asc'
|
||||
|
||||
- name: Enable powerdns repository
|
||||
apt_repository: repo='deb http://repo.powerdns.com/debian buster-dnsdist-15 main'
|
||||
|
||||
- name: Install powerdns
|
||||
apt:
|
||||
name:
|
||||
|
|
|
@ -5,10 +5,11 @@ addLocal('::1')
|
|||
addLocal('{{ ansible_default_ipv4.address }}')
|
||||
addLocal('{{ ansible_default_ipv6.address }}')
|
||||
|
||||
addACL('194.156.22.0/24')
|
||||
addACL('2001:678:ddc::/48')
|
||||
setACL({'0.0.0.0/0', '::/0'})
|
||||
|
||||
newServer({address='127.0.0.1:5353', qps=1, name='localhost'})
|
||||
addAction(AndRule({TCPRule(false), MaxQPSIPRule(10)}), TCAction())
|
||||
|
||||
newServer({address='127.0.0.1:5353', name='localhost'})
|
||||
|
||||
addTLSLocal('{{ ansible_default_ipv4.address }}', '/etc/dnsdist/{{ ansible_fqdn }}.crt', '/etc/dnsdist/{{ ansible_fqdn }}.key')
|
||||
addTLSLocal('{{ ansible_default_ipv6.address }}', '/etc/dnsdist/{{ ansible_fqdn }}.crt', '/etc/dnsdist/{{ ansible_fqdn }}.key')
|
||||
|
|
|
@ -1,11 +1,5 @@
|
|||
---
|
||||
|
||||
- name: Enable powerdns apt-key
|
||||
apt_key: url='https://repo.powerdns.com/FD380FBB-pub.asc'
|
||||
|
||||
- name: Enable powerdns repository
|
||||
apt_repository: repo='deb http://repo.powerdns.com/debian buster-dnsdist-15 main'
|
||||
|
||||
- name: Install powerdns
|
||||
apt:
|
||||
name:
|
||||
|
|
|
@ -5,7 +5,7 @@ addLocal('::1')
|
|||
addLocal('{{ batman_ipv4 | ipaddr('address') }}')
|
||||
addLocal('{{ batman_ipv6 | ipaddr('address') }}')
|
||||
|
||||
newServer({address='127.0.0.1:5353', qps=1, name='localhost'})
|
||||
newServer({address='127.0.0.1:5353', name='localhost'})
|
||||
|
||||
addTLSLocal('{{ batman_ipv4 | ipaddr('address') }}', '/etc/dnsdist/{{ ansible_fqdn }}.crt', '/etc/dnsdist/{{ ansible_fqdn }}.key')
|
||||
addTLSLocal('{{ batman_ipv6 | ipaddr('address') }}', '/etc/dnsdist/{{ ansible_fqdn }}.crt', '/etc/dnsdist/{{ ansible_fqdn }}.key')
|
||||
|
|
|
@ -12,12 +12,6 @@ launch=bind
|
|||
# local-address=0.0.0.0
|
||||
local-address=127.0.0.1
|
||||
|
||||
#################################
|
||||
# local-ipv6 Local IP address to which we bind
|
||||
#
|
||||
# local-ipv6=::
|
||||
local-ipv6=
|
||||
|
||||
#################################
|
||||
# local-port The port on which we listen
|
||||
#
|
||||
|
|
|
@ -32,13 +32,6 @@ local-address=127.0.0.1
|
|||
#
|
||||
local-port=5353
|
||||
|
||||
#################################
|
||||
# query-local-address6 Send out local IPv6 queries from this address or addresses. Disabled by default, which also disables outgoing
|
||||
#
|
||||
{% if global_ipv6 is defined %}
|
||||
query-local-address6={{ global_ipv6 | ipaddr('address') }}
|
||||
{% endif %}
|
||||
|
||||
#################################
|
||||
# quiet Suppress logging of questions and answers
|
||||
#
|
||||
|
|
|
@ -1,17 +1,10 @@
|
|||
---
|
||||
|
||||
- name: Enable docker apt-key
|
||||
apt_key: url='https://download.docker.com/linux/debian/gpg'
|
||||
|
||||
- name: Enable docker repository
|
||||
apt_repository:
|
||||
repo: 'deb https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable'
|
||||
filename: docker
|
||||
|
||||
- name: Install docker
|
||||
apt:
|
||||
name:
|
||||
- docker-ce
|
||||
- docker-ce-cli
|
||||
- containerd.io
|
||||
- docker.io
|
||||
- python3-docker
|
||||
|
||||
- name: Enable docker
|
||||
service: name=docker state=started enabled=yes
|
||||
|
|
|
@ -1,10 +1,14 @@
|
|||
---
|
||||
|
||||
- name: Enable grafana apt-key
|
||||
apt_key: url='https://packages.grafana.com/gpg.key'
|
||||
- name: Retrieve Grafana Key and avoid apt_key
|
||||
block:
|
||||
- name: grafana |no apt key
|
||||
ansible.builtin.get_url:
|
||||
url: https://apt.grafana.com/gpg.key
|
||||
dest: /usr/share/keyrings/grafana.key
|
||||
|
||||
- name: Enable grafana repository
|
||||
apt_repository: repo='deb https://packages.grafana.com/oss/deb stable main'
|
||||
apt_repository: repo="deb [signed-by=/usr/share/keyrings/grafana.key] https://apt.grafana.com stable main"
|
||||
|
||||
- name: Install grafana
|
||||
apt: name=grafana
|
||||
|
|
|
@ -1,10 +1,23 @@
|
|||
---
|
||||
|
||||
- name: Enable influxdb apt-key
|
||||
apt_key: url='https://repos.influxdata.com/influxdb.key'
|
||||
- name: Import Influxdb GPG siging key with store
|
||||
ansible.builtin.get_url:
|
||||
url: "https://repos.influxdata.com/influxdata-archive_compat.key"
|
||||
dest: /etc/apt/trusted.gpg.d/influxdb.key
|
||||
checksum: "sha256:393e8779c89ac8d958f81f942f9ad7fb82a25e133faddaf92e15b16e6ac9ce4c"
|
||||
|
||||
- name: Enable influxdb repository
|
||||
apt_repository: repo='deb https://repos.influxdata.com/debian buster stable'
|
||||
- name: Convert key
|
||||
ansible.builtin.command:
|
||||
argv:
|
||||
- gpg
|
||||
- --dearmor
|
||||
- /etc/apt/trusted.gpg.d/influxdb.key
|
||||
creates: /etc/apt/trusted.gpg.d/influxdb.key.gpg
|
||||
|
||||
- name: Enable InfluxDB repository
|
||||
ansible.builtin.apt_repository:
|
||||
repo: 'deb [signed-by=/etc/apt/trusted.gpg.d/influxdb.key.gpg] https://repos.influxdata.com/debian stable main'
|
||||
state: present
|
||||
|
||||
- name: Install influxdb
|
||||
apt: name=influxdb
|
||||
|
|
|
@ -14,6 +14,8 @@ iface br-{{ site_code }}
|
|||
{% if global_ipv6 is defined %}
|
||||
address {{ global_ipv6 }}
|
||||
{% endif %}
|
||||
#
|
||||
post-up echo 2 > /sys/class/net/bat-{{ site_code }}/brport/multicast_router
|
||||
|
||||
# bat-{{ site_code }}
|
||||
auto bat-{{ site_code }}
|
||||
|
@ -21,15 +23,14 @@ iface bat-{{ site_code }}
|
|||
hwaddress f2:00:90:00:{{ gateway_id }}:20
|
||||
mtu 1500
|
||||
#
|
||||
batman-gw-mode server
|
||||
batman-hop-penalty 5
|
||||
batman-ifaces dmy-{{ site_code }}
|
||||
batman-ifaces-ignore-regex .*_.*
|
||||
batman-multicast-mode disabled
|
||||
batman-routing-algo {{ batman_algo }}
|
||||
#
|
||||
post-up /usr/sbin/batctl -m bat-{{ site_code }} it 5000
|
||||
post-up echo 2 > /sys/class/net/bat-{{ site_code }}/brport/multicast_router
|
||||
post-up /usr/sbin/batctl meshif bat-{{ site_code }} gw server
|
||||
post-up /usr/sbin/batctl meshif bat-{{ site_code }} hp 5
|
||||
post-up /usr/sbin/batctl meshif bat-{{ site_code }} it 5000
|
||||
post-up /usr/sbin/batctl meshif bat-{{ site_code }} mff 1
|
||||
|
||||
|
||||
# dmy-{{ site_code }}
|
||||
|
|
|
@ -1,17 +1,7 @@
|
|||
---
|
||||
|
||||
- name: Enable backports
|
||||
apt_repository: repo='deb http://deb.debian.org/debian buster-backports main'
|
||||
|
||||
- name: Install kernel headers
|
||||
apt: name=linux-headers-amd64
|
||||
|
||||
- name: Install wireguard from backports
|
||||
apt:
|
||||
name:
|
||||
- wireguard-dkms
|
||||
- wireguard-tools
|
||||
default_release: buster-backports
|
||||
- name: Install wireguard
|
||||
apt: name=wireguard-tools
|
||||
|
||||
- name: Create wireguard config directory
|
||||
file:
|
||||
|
@ -28,7 +18,8 @@
|
|||
notify: Reload interfaces
|
||||
|
||||
- name: Install wgskex
|
||||
apt: deb=http://moepman.eu/tmp/wgskex_0.1.0_amd64.deb
|
||||
apt: deb=http://moepman.eu/tmp/wgskex_0.3.3_amd64.deb
|
||||
|
||||
|
||||
- name: Install ping endpoint
|
||||
copy: src=ping dest=/var/www/html/ping
|
||||
|
|
|
@ -3,11 +3,11 @@
|
|||
# vx-{{ site_code }}
|
||||
auto vx-{{ site_code }}
|
||||
iface vx-{{ site_code }}
|
||||
mtu 1350
|
||||
vxlan-physdev wg-{{ site_code }}
|
||||
pre-up ip -6 link add vx-{{ site_code }} type vxlan id {{ vx_wg_vni }} local fe80::{{ gateway_id }} dev wg-{{ site_code }} noudpcsum dstport 8472
|
||||
up ip link set vx-{{ site_code }} up
|
||||
post-up ip link set vx-{{ site_code }} mtu 1350
|
||||
post-up batctl -m bat-{{ site_code }} if add vx-{{ site_code }}
|
||||
post-up batctl meshif bat-{{ site_code }} if add vx-{{ site_code }}
|
||||
down ip link set vx-{{ site_code }} down
|
||||
post-down ip -6 link del vx-{{ site_code }}
|
||||
|
||||
|
|
|
@ -2,4 +2,4 @@
|
|||
|
||||
netbox_group: netbox
|
||||
netbox_user: netbox
|
||||
netbox_version: 2.11.9
|
||||
netbox_version: 4.0.3
|
||||
|
|
|
@ -27,77 +27,95 @@
|
|||
- postgresql
|
||||
- python3-psycopg2
|
||||
|
||||
- name: Configure PostgreSQL database
|
||||
postgresql_db:
|
||||
name: '{{ netbox_dbname }}'
|
||||
- name: Configure PostgreSQL user
|
||||
postgresql_user:
|
||||
name: "{{ netbox_dbuser }}"
|
||||
password: "{{ netbox_dbpass }}"
|
||||
become: true
|
||||
become_user: postgres
|
||||
|
||||
- name: Configure PostgreSQL user
|
||||
postgresql_user:
|
||||
db: '{{ netbox_dbname }}'
|
||||
name: '{{ netbox_dbuser }}'
|
||||
password: '{{ netbox_dbpass }}'
|
||||
priv: ALL
|
||||
state: present
|
||||
- name: Configure PostgreSQL database
|
||||
postgresql_db:
|
||||
name: "{{ netbox_dbname }}"
|
||||
owner: "{{ netbox_dbuser }}"
|
||||
become: true
|
||||
become_user: postgres
|
||||
|
||||
- name: Install redis
|
||||
apt: name=redis-server
|
||||
|
||||
# TODO configure redis?
|
||||
|
||||
- name: Unpack netbox
|
||||
unarchive:
|
||||
src: 'https://github.com/netbox-community/netbox/archive/v{{ netbox_version }}.tar.gz'
|
||||
src: "https://github.com/netbox-community/netbox/archive/v{{ netbox_version }}.tar.gz"
|
||||
dest: /opt
|
||||
remote_src: yes
|
||||
creates: '/opt/netbox-{{ netbox_version }}'
|
||||
creates: "/opt/netbox-{{ netbox_version }}"
|
||||
register: netbox_unarchive
|
||||
|
||||
- name: Configure netbox
|
||||
template:
|
||||
src: configuration.py.j2
|
||||
dest: '/opt/netbox-{{ netbox_version }}/netbox/netbox/configuration.py'
|
||||
owner: '{{ netbox_user }}'
|
||||
group: '{{ netbox_group }}'
|
||||
dest: "/opt/netbox-{{ netbox_version }}/netbox/netbox/configuration.py"
|
||||
owner: "{{ netbox_user }}"
|
||||
group: "{{ netbox_group }}"
|
||||
notify: Restart netbox
|
||||
|
||||
- name: Configure gunicorn
|
||||
template:
|
||||
src: gunicorn.py.j2
|
||||
dest: '/opt/netbox-{{ netbox_version }}/gunicorn.py'
|
||||
owner: '{{ netbox_user }}'
|
||||
group: '{{ netbox_group }}'
|
||||
dest: "/opt/netbox-{{ netbox_version }}/gunicorn.py"
|
||||
owner: "{{ netbox_user }}"
|
||||
group: "{{ netbox_group }}"
|
||||
|
||||
- name: Netbox file permissions
|
||||
file:
|
||||
path: '/opt/netbox-{{ netbox_version }}'
|
||||
owner: '{{ netbox_user }}'
|
||||
group: '{{ netbox_group }}'
|
||||
path: "/opt/netbox-{{ netbox_version }}"
|
||||
owner: "{{ netbox_user }}"
|
||||
group: "{{ netbox_group }}"
|
||||
recurse: yes
|
||||
|
||||
- name: Fix psycopg variant
|
||||
lineinfile:
|
||||
path: "/opt/netbox-{{ netbox_version }}/requirements.txt"
|
||||
regexp: '^psycopg\[.*,pool\]==(.*)$'
|
||||
line: 'psycopg[binary,pool]==\1'
|
||||
backrefs: yes
|
||||
register: netbox_psycopg_fix
|
||||
|
||||
- name: Run upgrade script
|
||||
command:
|
||||
cmd: ./upgrade.sh
|
||||
chdir: '/opt/netbox-{{ netbox_version }}'
|
||||
chdir: "/opt/netbox-{{ netbox_version }}"
|
||||
become: true
|
||||
become_user: '{{ netbox_user }}'
|
||||
when: netbox_unarchive.changed
|
||||
become_user: "{{ netbox_user }}"
|
||||
when: netbox_unarchive.changed or netbox_psycopg_fix.changed
|
||||
|
||||
# TODO - still manual work
|
||||
# * Create a super user
|
||||
# * Migrate media files
|
||||
|
||||
- name: Install netbox housekeeping cronjob
|
||||
template:
|
||||
src: netbox-housekeeping.sh.j2
|
||||
dest: /etc/cron.daily/netbox-housekeeping.sh
|
||||
mode: 0755
|
||||
|
||||
- name: Ensure certificates are available
|
||||
command:
|
||||
cmd: >
|
||||
openssl req -x509 -nodes -newkey rsa:2048
|
||||
-keyout /etc/nginx/ssl/{{ netbox_domain }}.key -out /etc/nginx/ssl/{{ netbox_domain }}.crt
|
||||
-days 730 -subj "/CN={{ netbox_domain }}"
|
||||
creates: '/etc/nginx/ssl/{{ netbox_domain }}.crt'
|
||||
creates: "/etc/nginx/ssl/{{ netbox_domain }}.crt"
|
||||
notify: Restart nginx
|
||||
|
||||
- name: Request nsupdate key for certificate
|
||||
include_role: name=acme-dnskey-generate
|
||||
vars:
|
||||
acme_dnskey_san_domains:
|
||||
- "{{ netbox_domain }}"
|
||||
when: "'kitchen' in group_names"
|
||||
|
||||
- name: Configure certificate manager for netbox
|
||||
template: src=certs.j2 dest=/etc/acertmgr/{{ netbox_domain }}.conf
|
||||
notify: Run acertmgr
|
||||
|
@ -107,7 +125,7 @@
|
|||
src: vhost.j2
|
||||
dest: /etc/nginx/sites-available/netbox
|
||||
owner: root
|
||||
mode: '0644'
|
||||
mode: "0644"
|
||||
notify: Restart nginx
|
||||
|
||||
- name: Enable vhost
|
||||
|
|
|
@ -34,6 +34,9 @@ REDIS = {
|
|||
'PASSWORD': '',
|
||||
'DATABASE': 0,
|
||||
'SSL': False,
|
||||
# Set this to True to skip TLS certificate verification
|
||||
# This can expose the connection to attacks, be careful
|
||||
# 'INSECURE_SKIP_TLS_VERIFY': False,
|
||||
},
|
||||
'caching': {
|
||||
'HOST': 'localhost',
|
||||
|
@ -44,6 +47,9 @@ REDIS = {
|
|||
'PASSWORD': '',
|
||||
'DATABASE': 1,
|
||||
'SSL': False,
|
||||
# Set this to True to skip TLS certificate verification
|
||||
# This can expose the connection to attacks, be careful
|
||||
# 'INSECURE_SKIP_TLS_VERIFY': False,
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -63,32 +69,13 @@ SECRET_KEY = '{{ netbox_secret }}'
|
|||
# Specify one or more name and email address tuples representing NetBox administrators. These people will be notified of
|
||||
# application errors (assuming correct email settings are provided).
|
||||
ADMINS = [
|
||||
# ['John Doe', 'jdoe@example.com'],
|
||||
# ('John Doe', 'jdoe@example.com'),
|
||||
]
|
||||
|
||||
# URL schemes that are allowed within links in NetBox
|
||||
ALLOWED_URL_SCHEMES = (
|
||||
'file', 'ftp', 'ftps', 'http', 'https', 'irc', 'mailto', 'sftp', 'ssh', 'tel', 'telnet', 'tftp', 'vnc', 'xmpp',
|
||||
)
|
||||
|
||||
# Optionally display a persistent banner at the top and/or bottom of every page. HTML is allowed. To display the same
|
||||
# content in both banners, define BANNER_TOP and set BANNER_BOTTOM = BANNER_TOP.
|
||||
BANNER_TOP = ''
|
||||
BANNER_BOTTOM = ''
|
||||
|
||||
# Text to include on the login page above the login form. HTML is allowed.
|
||||
BANNER_LOGIN = ''
|
||||
|
||||
# Base URL path if accessing NetBox within a directory. For example, if installed at http://example.com/netbox/, set:
|
||||
# Base URL path if accessing NetBox within a directory. For example, if installed at https://example.com/netbox/, set:
|
||||
# BASE_PATH = 'netbox/'
|
||||
BASE_PATH = ''
|
||||
|
||||
# Cache timeout in seconds. Set to 0 to dissable caching. Defaults to 900 (15 minutes)
|
||||
CACHE_TIMEOUT = 900
|
||||
|
||||
# Maximum number of days to retain logged changes. Set to 0 to retain changes indefinitely. (Default: 90)
|
||||
CHANGELOG_RETENTION = 90
|
||||
|
||||
# API Cross-Origin Resource Sharing (CORS) settings. If CORS_ORIGIN_ALLOW_ALL is set to True, all origins will be
|
||||
# allowed. Otherwise, define a list of allowed origins using either CORS_ORIGIN_WHITELIST or
|
||||
# CORS_ORIGIN_REGEX_WHITELIST. For more information, see https://github.com/ottoyiu/django-cors-headers
|
||||
|
@ -117,10 +104,6 @@ EMAIL = {
|
|||
'FROM_EMAIL': '',
|
||||
}
|
||||
|
||||
# Enforcement of unique IP space can be toggled on a per-VRF basis. To enforce unique IP space within the global table
|
||||
# (all prefixes and IP addresses not assigned to a VRF), set ENFORCE_GLOBAL_UNIQUE to True.
|
||||
ENFORCE_GLOBAL_UNIQUE = False
|
||||
|
||||
# Exempt certain models from the enforcement of view permissions. Models listed here will be viewable by all users and
|
||||
# by anonymous users. List models in the form `<app>.<model>`. Add '*' to this list to exempt all models.
|
||||
EXEMPT_VIEW_PERMISSIONS = [
|
||||
|
@ -143,22 +126,18 @@ INTERNAL_IPS = ('127.0.0.1', '::1')
|
|||
# https://docs.djangoproject.com/en/stable/topics/logging/
|
||||
LOGGING = {}
|
||||
|
||||
# Automatically reset the lifetime of a valid session upon each authenticated request. Enables users to remain
|
||||
# authenticated to NetBox indefinitely.
|
||||
LOGIN_PERSISTENCE = False
|
||||
|
||||
# Setting this to True will permit only authenticated users to access any part of NetBox. By default, anonymous users
|
||||
# are permitted to access most data in NetBox (excluding secrets) but not make any changes.
|
||||
# are permitted to access most data in NetBox but not make any changes.
|
||||
LOGIN_REQUIRED = True
|
||||
|
||||
# The length of time (in seconds) for which a user will remain logged into the web UI before being prompted to
|
||||
# re-authenticate. (Default: 1209600 [14 days])
|
||||
LOGIN_TIMEOUT = None
|
||||
|
||||
# Setting this to True will display a "maintenance mode" banner at the top of every page.
|
||||
MAINTENANCE_MODE = False
|
||||
|
||||
# An API consumer can request an arbitrary number of objects =by appending the "limit" parameter to the URL (e.g.
|
||||
# "?limit=1000"). This setting defines the maximum limit. Setting it to 0 or None will allow an API consumer to request
|
||||
# all objects by specifying "?limit=0".
|
||||
MAX_PAGE_SIZE = 1000
|
||||
|
||||
# The file path where uploaded media such as image attachments are stored. A trailing slash is not needed. Note that
|
||||
# the default value of this setting is derived from the installed location.
|
||||
# MEDIA_ROOT = '/opt/netbox/netbox/media'
|
||||
|
@ -176,20 +155,6 @@ MAX_PAGE_SIZE = 1000
|
|||
# Expose Prometheus monitoring metrics at the HTTP endpoint '/metrics'
|
||||
METRICS_ENABLED = False
|
||||
|
||||
# Credentials that NetBox will uses to authenticate to devices when connecting via NAPALM.
|
||||
NAPALM_USERNAME = ''
|
||||
NAPALM_PASSWORD = ''
|
||||
|
||||
# NAPALM timeout (in seconds). (Default: 30)
|
||||
NAPALM_TIMEOUT = 30
|
||||
|
||||
# NAPALM optional arguments (see http://napalm.readthedocs.io/en/latest/support/#optional-arguments). Arguments must
|
||||
# be provided as a dictionary.
|
||||
NAPALM_ARGS = {}
|
||||
|
||||
# Determine how many objects to display per page within a list. (Default: 50)
|
||||
PAGINATE_COUNT = 50
|
||||
|
||||
# Enable installed plugins. Add the name of each plugin to the list.
|
||||
PLUGINS = []
|
||||
|
||||
|
@ -202,14 +167,6 @@ PLUGINS = []
|
|||
# }
|
||||
# }
|
||||
|
||||
# When determining the primary IP address for a device, IPv6 is preferred over IPv4 by default. Set this to True to
|
||||
# prefer IPv4 instead.
|
||||
PREFER_IPV4 = False
|
||||
|
||||
# Rack elevation size defaults, in pixels. For best results, the ratio of width to height should be roughly 10:1.
|
||||
RACK_ELEVATION_DEFAULT_UNIT_HEIGHT = 22
|
||||
RACK_ELEVATION_DEFAULT_UNIT_WIDTH = 220
|
||||
|
||||
# Remote authentication support
|
||||
REMOTE_AUTH_ENABLED = False
|
||||
REMOTE_AUTH_BACKEND = 'netbox.authentication.RemoteUserBackend'
|
||||
|
@ -218,9 +175,6 @@ REMOTE_AUTH_AUTO_CREATE_USER = True
|
|||
REMOTE_AUTH_DEFAULT_GROUPS = []
|
||||
REMOTE_AUTH_DEFAULT_PERMISSIONS = {}
|
||||
|
||||
# This determines how often the GitHub API is called to check the latest release of NetBox. Must be at least 1 hour.
|
||||
RELEASE_CHECK_TIMEOUT = 24 * 3600
|
||||
|
||||
# This repository is used to check whether there is a new release of NetBox available. Set to None to disable the
|
||||
# version check or use the URL below to check for release in the official NetBox repository.
|
||||
RELEASE_CHECK_URL = None
|
||||
|
@ -237,6 +191,9 @@ RQ_DEFAULT_TIMEOUT = 300
|
|||
# this setting is derived from the installed location.
|
||||
# SCRIPTS_ROOT = '/opt/netbox/netbox/scripts'
|
||||
|
||||
# The name to use for the session cookie.
|
||||
SESSION_COOKIE_NAME = 'sessionid'
|
||||
|
||||
# By default, NetBox will store session data in the database. Alternatively, a file path can be specified here to use
|
||||
# local file storage instead. (This can be useful for enabling authentication on a standby instance with read-only
|
||||
# database access.) Note that the user as which NetBox runs must have read and write permissions to this path.
|
||||
|
|
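--- /dev/null
+++ b/roles/netbox/templates/netbox-housekeeping.sh.j2
@@ -0,0 +1,9 @@
+#!/bin/sh
+# This shell script invokes NetBox's housekeeping management command, which
+# intended to be run nightly. This script can be copied into your system's
+# daily cron directory (e.g. /etc/cron.daily), or referenced directly from
+# within the cron configuration file.
+#
+# If NetBox has been installed into a nonstandard location, update the paths
+# below.
+/opt/netbox-{{ netbox_version }}/venv/bin/python /opt/netbox-{{ netbox_version }}/netbox/manage.py housekeeping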
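Review bot: Scripts in `/etc/cron.daily` run as root, while the service units in this commit run NetBox as `{{ netbox_user }}`, so `manage.py housekeeping` executes with root privileges and anything it writes under `/opt/netbox-…` (media, `__pycache__`, logs) ends up root-owned and can break the unprivileged service later. Drop privileges in the script: `exec runuser -u {{ netbox_user }} -- /opt/netbox-{{ netbox_version }}/venv/bin/python /opt/netbox-{{ netbox_version }}/netbox/manage.py housekeeping`. The header comment is copied from upstream's example and is fine, though `which intended` reads better as `which is intended`.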
|
|
@ -7,8 +7,8 @@ Wants=network-online.target
|
|||
[Service]
|
||||
Type=simple
|
||||
|
||||
User=netbox
|
||||
Group=netbox
|
||||
User={{ netbox_user }}
|
||||
Group={{ netbox_group }}
|
||||
WorkingDirectory=/opt/netbox-{{ netbox_version }}
|
||||
|
||||
ExecStart=/opt/netbox-{{ netbox_version }}/venv/bin/python3 /opt/netbox-{{ netbox_version }}/netbox/manage.py rqworker
|
||||
|
|
|
@ -7,8 +7,8 @@ Wants=network-online.target
|
|||
[Service]
|
||||
Type=simple
|
||||
|
||||
User=netbox
|
||||
Group=netbox
|
||||
User={{ netbox_user }}
|
||||
Group={{ netbox_group }}
|
||||
PIDFile=/var/tmp/netbox.pid
|
||||
WorkingDirectory=/opt/netbox-{{ netbox_version }}
|
||||
|
||||
|
|
|
@ -30,9 +30,9 @@ server {
|
|||
location / {
|
||||
client_max_body_size 32M;
|
||||
|
||||
proxy_pass http://localhost:8001;
|
||||
proxy_set_header X-Forwarded-Host $http_host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_pass http://localhost:8001;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -41,7 +41,7 @@
|
|||
- name: Ensure network and dns are available before nginx
|
||||
lineinfile:
|
||||
dest: /lib/systemd/system/nginx.service
|
||||
line: "After=network-online.target nss-lookup.target"
|
||||
line: "After=network-online.target remote-fs.target nss-lookup.target"
|
||||
regexp: "^After="
|
||||
|
||||
- name: Start nginx
|
||||
|
|
|
@ -1,7 +1,4 @@
|
|||
---
|
||||
|
||||
- name: Restart ntp
|
||||
service: name=ntp state=restarted
|
||||
|
||||
- name: Restart ntpd
|
||||
service: name=ntpd state=restarted
|
||||
- name: Restart chrony
|
||||
service: name=chrony state=restarted
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
---
|
||||
|
||||
- name: Install ntp
|
||||
apt: name=ntp
|
||||
- name: Install chrony
|
||||
apt: name=chrony
|
||||
|
||||
- name: Configure ntp
|
||||
template: src=ntp.conf.j2 dest=/etc/ntp.conf
|
||||
notify: Restart ntp
|
||||
- name: Configure chrony
|
||||
template: src=chrony.conf.j2 dest=/etc/chrony/chrony.conf
|
||||
notify: Restart chrony
|
||||
|
||||
- name: Start the ntp service
|
||||
service: name=ntp state=started enabled=yes
|
||||
- name: Start chrony
|
||||
service: name=chrony state=started enabled=yes
|
||||
|
|
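--- /dev/null
+++ b/roles/ntp/templates/chrony.conf.j2
@@ -0,0 +1,53 @@
+# Welcome to the chrony configuration file. See chrony.conf(5) for more
+# information about usable directives.
+
+# Include configuration files found in /etc/chrony/conf.d.
+confdir /etc/chrony/conf.d
+
+{% for srv in ntp_servers %}
+server {{ srv }} iburst
+{% endfor %}
+{% if ntp_peers is defined %}
+
+{% for peer in ntp_peers %}
+peer {{ peer }}
+{% endfor %}
+{% endif %}
+
+{% if ntp_server is defined and ntp_server is true %}
+allow 10.90.0.0/16
+allow 2001:678:ddc::/48
+{% endif -%}
+
+# This directive specify the location of the file containing ID/key pairs for
+# NTP authentication.
+keyfile /etc/chrony/chrony.keys
+
+# This directive specify the file into which chronyd will store the rate
+# information.
+driftfile /var/lib/chrony/chrony.drift
+
+# Save NTS keys and cookies.
+ntsdumpdir /var/lib/chrony
+
+# Uncomment the following line to turn logging on.
+#log tracking measurements statistics
+
+# Log files location.
+logdir /var/log/chrony
+
+# Stop bad estimates upsetting machine clock.
+maxupdateskew 100.0
+
+# This directive enables kernel synchronisation (every 11 minutes) of the
+# real-time clock. Note that it can't be used along with the 'rtcfile' directive.
+rtcsync
+
+# Step the system clock instead of slewing it if the adjustment is larger than
+# one second, but only in the first three clock updates.
+makestep 1 3
+
+# Get TAI-UTC offset and leap seconds from the system tz database.
+# This directive must be commented out when using time sources serving
+# leap-smeared time.
+leapsectz right/UTC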
|
|
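Review bot: The new chrony template has no `# {{ ansible_managed }}` header, which the ntp.conf.j2 it replaces carried as its first line (visible further down in this compare); without it an operator who edits /etc/chrony/chrony.conf by hand gets no hint that the next play run silently overwrites the file. The networks served when `ntp_server` is set are hard-coded in the role (`allow 10.90.0.0/16`, `allow 2001:678:ddc::/48`); rendering them from a list variable with these as defaults, e.g. `{% for net in ntp_allow_networks %}` / `allow {{ net }}` / `{% endfor %}`, would keep the site's address plan in inventory rather than in the template. `ntp_server is true` relies on the Jinja `true` test, which I believe only newer Jinja releases provide and which matches only a real boolean, so a string value such as `"true"` from an inventory would silently disable the allow block; `ntp_server | default(false) | bool` is the more common Ansible idiom. Lastly, `{% endif -%}` is the only tag in the file with whitespace control, which swallows the following blank line inconsistently with the other blocks.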
@ -1,17 +0,0 @@
|
|||
# {{ ansible_managed }}
|
||||
|
||||
{% for srv in ntp_servers %}
|
||||
server {{ srv }} iburst
|
||||
{% endfor %}
|
||||
{% if ntp_peers is defined %}
|
||||
|
||||
{% for peer in ntp_peers %}
|
||||
peer {{ peer }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
restrict default kod nomodify notrap nopeer noquery
|
||||
restrict -6 default kod nomodify notrap nopeer noquery
|
||||
|
||||
restrict 127.0.0.1
|
||||
restrict -6 ::1
|
|
@ -6,6 +6,7 @@
|
|||
- name: Install dependencies
|
||||
apt:
|
||||
name:
|
||||
- python3-pip
|
||||
- python3-setuptools
|
||||
- virtualenv
|
||||
|
||||
|
@ -21,6 +22,13 @@
|
|||
- Reload systemd
|
||||
- Restart prometheus-pve-exporter
|
||||
|
||||
- name: Configure prometheus retention
|
||||
lineinfile:
|
||||
path: /etc/default/prometheus
|
||||
regexp: '^ARGS=.*$'
|
||||
line: 'ARGS="--storage.tsdb.retention.time=365d"'
|
||||
notify: Restart prometheus
|
||||
|
||||
- name: Configure prometheus
|
||||
template: src=prometheus.yml.j2 dest=/etc/prometheus/prometheus.yml
|
||||
notify: Restart prometheus
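Review bot: The new "Configure prometheus retention" task overwrites the whole `ARGS=` line in /etc/default/prometheus, so any other flag already present there (a listen address, external URL or a previously set retention) is silently dropped the first time this runs; `lineinfile` with a `^ARGS=.*$` regexp is a whole-line replace, not a merge. If that is intended, say so next to the task, e.g. `# This task owns the complete ARGS line; add further prometheus flags here, not by hand`, and consider sourcing the value from a variable such as `prometheus_args` with a default of `--storage.tsdb.retention.time=365d` so the flag set lives in one visible place. The first hunk in this file, adding one of the python3-pip / python3-setuptools / virtualenv dependencies, raises nothing on its own.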
|
||||
|
|
|
@ -1,56 +0,0 @@
|
|||
Telegraf
|
||||
========
|
||||
|
||||
An Ansible role to install, configure, and manage [Telegraf](https://github.com/influxdb/telegraf), the plugin-driven server agent for reporting metrics into InfluxDB.
|
||||
|
||||
Requirements
|
||||
------------
|
||||
|
||||
Prior knowledge/experience with InfluxDB and Telegraf is highly recommended. Full documentation is available [here](https://docs.influxdata.com).
|
||||
|
||||
Installation
|
||||
------------
|
||||
|
||||
Either clone this repository, or install through Ansible Galaxy directly using the command:
|
||||
|
||||
```
|
||||
ansible-galaxy install rossmcdonald.telegraf
|
||||
```
|
||||
|
||||
Role Variables
|
||||
--------------
|
||||
|
||||
The high-level variables are stored in the `defaults/main.yml` file. The most important ones being:
|
||||
|
||||
```
|
||||
# Channel of Telegraf to install (currently only 'stable' is supported)
|
||||
telegraf_install_version: stable
|
||||
```
|
||||
|
||||
More advanced configuration options are stored in the `vars/main.yml` file, which includes all of the necessary bells and whistles to tweak your configuration.
|
||||
|
||||
Dependencies
|
||||
------------
|
||||
|
||||
No other Ansible dependencies are required. This role was tested and developed with Ansible 1.9.4.
|
||||
|
||||
Example Playbook
|
||||
----------------
|
||||
|
||||
An example playbook is included in the `test.yml` file. There is also a `Vagrantfile`, which can be used for quick local testing leveraging [Vagrant](https://www.vagrantup.com/).
|
||||
|
||||
Contributions and Feedback
|
||||
--------------------------
|
||||
|
||||
Any contributions are welcome. For any bugs or feature requests, please open an issue through Github.
|
||||
|
||||
License
|
||||
-------
|
||||
|
||||
MIT
|
||||
|
||||
Author
|
||||
------
|
||||
|
||||
Created by [Ross McDonald](https://github.com/rossmcdonald).
|
||||
|
40
roles/telegraf/Vagrantfile
vendored
40
roles/telegraf/Vagrantfile
vendored
|
@ -1,40 +0,0 @@
|
|||
# -*- mode: ruby -*-
|
||||
# vi: set ft=ruby :
|
||||
|
||||
Vagrant.configure(2) do |config|
|
||||
config.vm.box = "ubuntu/trusty64"
|
||||
# config.vm.box = "ubuntu/vivid64"
|
||||
# config.vm.box = "relativkreativ/centos-7-minimal"
|
||||
# config.vm.box = "box-cutter/fedora22"
|
||||
# config.vm.box = "puppetlabs/centos-6.6-64-nocm"
|
||||
# config.vm.box = "debian/jessie64"
|
||||
|
||||
BOX_COUNT = 1
|
||||
(1..BOX_COUNT).each do |machine_id|
|
||||
config.vm.define "telegraf#{machine_id}" do |machine|
|
||||
machine.vm.hostname = "telegraf#{machine_id}"
|
||||
# machine.vm.network "private_network", ip: "10.0.3.#{1+machine_id}", virtualbox__intnet: true
|
||||
# machine.vm.network "public_network"
|
||||
machine.vm.network "public_network", :bridge => 'en0: Wi-Fi (AirPort)'
|
||||
|
||||
machine.vm.provider "virtualbox" do |v|
|
||||
v.memory = 512
|
||||
v.cpus = 1
|
||||
end
|
||||
|
||||
if machine_id == BOX_COUNT
|
||||
machine.vm.provision "ansible" do |ansible|
|
||||
# ansible.verbose = 'vvvv'
|
||||
ansible.limit = 'all'
|
||||
ansible.playbook = "test.yml"
|
||||
ansible.sudo = true
|
||||
ansible.host_key_checking = false
|
||||
ansible.extra_vars = {
|
||||
is_vagrant: true,
|
||||
}
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
end
|
|
@ -1,85 +0,0 @@
|
|||
---
|
||||
# Channel of Telegraf to install
|
||||
telegraf_install_version: stable
|
||||
|
||||
# The user and group telegraf should run under (should be set to telegraf unless needed otherwise)
|
||||
telegraf_runas_user: telegraf
|
||||
telegraf_runas_group: telegraf
|
||||
|
||||
# Configuration Template
|
||||
telegraf_configuration_template: telegraf.conf.j2
|
||||
|
||||
# Configuration Variables
|
||||
telegraf_tags:
|
||||
telegraf_aws_tags: false
|
||||
telegraf_aws_tags_prefix:
|
||||
|
||||
telegraf_agent_interval: 10s
|
||||
telegraf_round_interval: "true"
|
||||
telegraf_metric_batch_size: "1000"
|
||||
telegraf_metric_buffer_limit: "10000"
|
||||
|
||||
telegraf_collection_jitter: 0s
|
||||
telegraf_flush_interval: 10s
|
||||
telegraf_flush_jitter: 0s
|
||||
telegraf_debug: "false"
|
||||
telegraf_quiet: "false"
|
||||
telegraf_hostname:
|
||||
telegraf_omit_hostname: "false"
|
||||
telegraf_install_url:
|
||||
|
||||
|
||||
telegraf_influxdb_url: http://stats.regensburg.freifunk.net:8086
|
||||
telegraf_influxdb_database: telegraf
|
||||
telegraf_influxdb_precision: s
|
||||
telegraf_influxdb_retention_policy: autogen
|
||||
telegraf_influxdb_write_consistency: any
|
||||
telegraf_influxdb_ssl_ca:
|
||||
telegraf_influxdb_ssl_cert:
|
||||
telegraf_influxdb_ssl_key:
|
||||
telegraf_influxdb_insecure_skip_verify:
|
||||
|
||||
telegraf_influxdb_timeout: 5s
|
||||
telegraf_influxdb_username: telegraf
|
||||
telegraf_influxdb_password:
|
||||
telegraf_influxdb_user_agent:
|
||||
telegraf_influxdb_udp_payload:
|
||||
|
||||
telegraf_plugins_base:
|
||||
- name: swap
|
||||
- name: processes
|
||||
- name: kernel
|
||||
- name: netstat
|
||||
- name: mem
|
||||
- name: system
|
||||
- name: cpu
|
||||
options:
|
||||
percpu: "true"
|
||||
totalcpu: "true"
|
||||
collect_cpu_time: "false"
|
||||
report_active: "false"
|
||||
fielddrop:
|
||||
- "time_*"
|
||||
- name: disk
|
||||
options:
|
||||
mountpoints:
|
||||
- "/"
|
||||
ignore_fs:
|
||||
- "tmpfs"
|
||||
- "devtmpfs"
|
||||
- "devfs"
|
||||
- name: diskio
|
||||
options:
|
||||
skip_serial_number: "true"
|
||||
- name: procstat
|
||||
options:
|
||||
exe: "influxd"
|
||||
prefix: "influxdb"
|
||||
- name: net
|
||||
options:
|
||||
interfaces:
|
||||
- "eth0"
|
||||
|
||||
telegraf_plugins: "{{ telegraf_plugins_base }} + {{ telegraf_plugins_extra | default([]) }}"
|
||||
|
||||
telegraf_influxdata_base_url: "https://repos.influxdata.com"
|
|
@ -1,30 +0,0 @@
|
|||
---
|
||||
# The order here matters
|
||||
- name: restart telegraf
|
||||
service:
|
||||
name: telegraf
|
||||
state: restarted
|
||||
become: true
|
||||
when: telegraf_start_service
|
||||
|
||||
- name: pause
|
||||
pause:
|
||||
seconds: "{{ telegraf_start_delay }}"
|
||||
when: telegraf_start_service
|
||||
|
||||
## After version 2.2 of ansible 'listen' could be used to
|
||||
## group 'check status' and 'assert running' into a single listener
|
||||
- name: check status
|
||||
command: service telegraf status
|
||||
args:
|
||||
warn: false
|
||||
ignore_errors: yes
|
||||
register: telegraf_service_status
|
||||
become: true
|
||||
when: telegraf_start_service
|
||||
|
||||
- name: assert running
|
||||
assert:
|
||||
that:
|
||||
- "telegraf_service_status.rc == 0"
|
||||
when: telegraf_start_service
|
|
@ -1,24 +0,0 @@
|
|||
---
|
||||
galaxy_info:
|
||||
author: Ross McDonald
|
||||
description: Install and configure Telegraf, the plugin-driven server agent for reporting metrics into InfluxDB
|
||||
company: InfluxData
|
||||
license: MIT
|
||||
min_ansible_version: 1.2
|
||||
platforms:
|
||||
- name: EL
|
||||
versions:
|
||||
- 6
|
||||
- 7
|
||||
- name: Ubuntu
|
||||
versions:
|
||||
- trusty
|
||||
- utopic
|
||||
- vivid
|
||||
- name: Debian
|
||||
versions:
|
||||
- jessie
|
||||
- wheezy
|
||||
categories:
|
||||
- monitoring
|
||||
dependencies: []
|
|
@ -1,70 +0,0 @@
|
|||
---
|
||||
- name: Retrieve ec2 facts
|
||||
ec2_metadata_facts:
|
||||
when: telegraf_aws_tags
|
||||
|
||||
- name: Retrieve all ec2 tags on the instance
|
||||
ec2_tag:
|
||||
region: "{{ ansible_ec2_placement_region }}"
|
||||
resource: "{{ ansible_ec2_instance_id }}"
|
||||
state: list
|
||||
when: telegraf_aws_tags
|
||||
register: ec2_tags
|
||||
|
||||
- name: get the rpm or apt package facts
|
||||
package_facts:
|
||||
manager: "auto"
|
||||
|
||||
- name: Set templatized Telegraf configuration
|
||||
template:
|
||||
src: "{{ telegraf_configuration_template }}"
|
||||
dest: "{{ telegraf_configuration_dir }}/telegraf.conf"
|
||||
force: yes
|
||||
backup: yes
|
||||
owner: telegraf
|
||||
group: telegraf
|
||||
mode: 0740
|
||||
when: telegraf_template_configuration
|
||||
# If config changes, restart telegraf and confirm it remained running
|
||||
notify:
|
||||
- "restart telegraf"
|
||||
- "pause"
|
||||
- "check status"
|
||||
- "assert running"
|
||||
|
||||
- name: Test for sysvinit script
|
||||
stat:
|
||||
path: /etc/init.d/telegraf
|
||||
register: telegraf_sysvinit_script
|
||||
|
||||
- name: Modify user Telegraf should run as [sysvinit]
|
||||
replace:
|
||||
path: /etc/init.d/telegraf
|
||||
regexp: USER=.*
|
||||
replace: USER={{ telegraf_runas_user }}
|
||||
when: telegraf_runas_user != "telegraf" and telegraf_sysvinit_script.stat.exists
|
||||
|
||||
- name: Modify group Telegraf should run as [sysvinit]
|
||||
replace:
|
||||
path: /etc/init.d/telegraf
|
||||
regexp: GROUP=.*
|
||||
replace: GROUP={{ telegraf_runas_group }}
|
||||
when: telegraf_runas_group != "telegraf" and telegraf_sysvinit_script.stat.exists
|
||||
|
||||
- name: Create systemd service directory [systemd]
|
||||
file:
|
||||
path: /etc/systemd/system/telegraf.service.d
|
||||
state: directory
|
||||
when: telegraf_runas_user != "telegraf" and not telegraf_sysvinit_script.stat.exists
|
||||
|
||||
- name: Modify user Telegraf should run as [systemd]
|
||||
template:
|
||||
src: systemd/system/telegraf.service.d/override.conf
|
||||
dest: /etc/systemd/system/telegraf.service.d/override.conf
|
||||
when: telegraf_runas_user != "telegraf" and not telegraf_sysvinit_script.stat.exists
|
||||
register: telegraf_unit_file_updated
|
||||
|
||||
- name: Reload systemd configuration [systemd]
|
||||
systemd:
|
||||
daemon_reload: yes
|
||||
when: telegraf_unit_file_updated is defined and telegraf_unit_file_updated.changed
|
|
@ -1,55 +0,0 @@
|
|||
---
|
||||
- name: Install any necessary dependencies [Debian/Ubuntu]
|
||||
apt:
|
||||
name:
|
||||
- python-httplib2
|
||||
- python-apt
|
||||
- curl
|
||||
- apt-transport-https
|
||||
state: present
|
||||
update_cache: yes
|
||||
cache_valid_time: 3600
|
||||
register: apt_result
|
||||
until: apt_result is success
|
||||
retries: 2
|
||||
delay: 5
|
||||
|
||||
- name: Import InfluxData GPG signing key [Debian/Ubuntu]
|
||||
apt_key:
|
||||
url: "{{ telegraf_influxdata_base_url }}/influxdb.key"
|
||||
state: present
|
||||
when: telegraf_install_url is not defined or telegraf_install_url == None
|
||||
|
||||
- name: Add InfluxData repository [Debian/Ubuntu]
|
||||
apt_repository:
|
||||
repo: deb {{ telegraf_influxdata_base_url }}/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} {{ telegraf_install_version }}
|
||||
state: present
|
||||
when: telegraf_install_url is not defined or telegraf_install_url == None
|
||||
|
||||
- name: Install Telegraf packages [Debian/Ubuntu]
|
||||
apt:
|
||||
name: telegraf
|
||||
state: latest
|
||||
update_cache: yes
|
||||
cache_valid_time: 3600
|
||||
register: apt_result
|
||||
until: apt_result is success
|
||||
retries: 2
|
||||
delay: 5
|
||||
when: telegraf_install_url is not defined or telegraf_install_url == None
|
||||
|
||||
- name: Download Telegraf package via URL [Debian/Ubuntu]
|
||||
get_url:
|
||||
url: "{{ telegraf_install_url }}"
|
||||
dest: /tmp/telegraf-ansible-download.deb
|
||||
when: telegraf_install_url is defined and telegraf_install_url != None
|
||||
|
||||
- name: Install downloaded Telegraf package [Debian/Ubuntu]
|
||||
apt:
|
||||
deb: /tmp/telegraf-ansible-download.deb
|
||||
state: present
|
||||
register: apt_result
|
||||
until: apt_result is success
|
||||
retries: 2
|
||||
delay: 5
|
||||
when: telegraf_install_url is defined and telegraf_install_url != None
|
|
@ -1,21 +0,0 @@
|
|||
---
|
||||
- name: Add InfluxData repository file [RHEL/CentOS]
|
||||
template:
|
||||
src: etc/yum.repos.d/influxdata.repo.j2
|
||||
dest: /etc/yum.repos.d/influxdata.repo
|
||||
force: yes
|
||||
backup: yes
|
||||
when: telegraf_install_url is not defined or telegraf_install_url == None
|
||||
|
||||
- name: Install Telegraf packages [RHEL/CentOS]
|
||||
yum:
|
||||
name: telegraf
|
||||
state: latest
|
||||
update_cache: yes
|
||||
when: telegraf_install_url is not defined or telegraf_install_url == None
|
||||
|
||||
- name: Install Telegraf from URL [RHEL/CentOS]
|
||||
yum:
|
||||
name: "{{ telegraf_install_url }}"
|
||||
state: present
|
||||
when: telegraf_install_url is defined and telegraf_install_url != None
|
|
@ -1,6 +0,0 @@
|
|||
---
|
||||
- include: install-redhat.yml
|
||||
when: ansible_os_family == "RedHat"
|
||||
|
||||
- include: install-debian.yml
|
||||
when: ansible_os_family == "Debian"
|
|
@ -1,10 +0,0 @@
|
|||
---
|
||||
- include: install.yml
|
||||
tags: [telegraf, install]
|
||||
|
||||
- include: configure.yml
|
||||
tags: [telegraf, configure]
|
||||
|
||||
- include: start.yml
|
||||
tags: [telegraf, start]
|
||||
when: telegraf_start_service
|
|
@ -1,12 +0,0 @@
|
|||
---
|
||||
- name: Start the Telegraf service
|
||||
service:
|
||||
name: telegraf
|
||||
state: started
|
||||
enabled: yes
|
||||
# Only care to check the status if the state changed to 'started'
|
||||
notify:
|
||||
- "pause"
|
||||
- "check status"
|
||||
- "assert running"
|
||||
become: true
|
|
@ -1,13 +0,0 @@
|
|||
[influxdb]
|
||||
name = InfluxDB Repository - {{ ansible_distribution }} $releasever
|
||||
{% if ansible_distribution|lower == "amazon" %}
|
||||
baseurl = "{{ telegraf_influxdata_base_url }}/centos/6/amd64/{{ telegraf_install_version }}"
|
||||
{% elif ansible_distribution|lower == "redhat" %}
|
||||
baseurl = {{ telegraf_influxdata_base_url }}/rhel/$releasever/$basearch/{{ telegraf_install_version }}
|
||||
{% else %}
|
||||
baseurl = {{ telegraf_influxdata_base_url }}/{{ ansible_distribution|lower }}/$releasever/$basearch/{{ telegraf_install_version }}
|
||||
{% endif %}
|
||||
enabled = 1
|
||||
gpgcheck = 1
|
||||
gpgkey = {{ telegraf_influxdata_base_url }}/influxdb.key
|
||||
sslverify = 1
|
|
@ -1,2 +0,0 @@
|
|||
[Service]
|
||||
User={{ telegraf_runas_user }}
|
|
@ -1,181 +0,0 @@
|
|||
# Telegraf configuration
|
||||
|
||||
# Telegraf is entirely plugin driven. All metrics are gathered from the
|
||||
# declared plugins.
|
||||
|
||||
# Even if a plugin has no configuration, it must be declared in here
|
||||
# to be active. Declaring a plugin means just specifying the name
|
||||
# as a section with no variables. To deactivate a plugin, comment
|
||||
# out the name and any variables.
|
||||
|
||||
# Use 'telegraf -config telegraf.toml -test' to see what metrics a config
|
||||
# file would generate.
|
||||
|
||||
# One rule that plugins conform to is wherever a connection string
|
||||
# can be passed, the values '' and 'localhost' are treated specially.
|
||||
# They indicate to the plugin to use their own builtin configuration to
|
||||
# connect to the local system.
|
||||
|
||||
# NOTE: The configuration has a few required parameters. They are marked
|
||||
# with 'required'. Be sure to edit those to make this configuration work.
|
||||
|
||||
# Tags can also be specified via a normal map, but only one form at a time:
|
||||
[global_tags]
|
||||
{% if telegraf_tags is defined and telegraf_tags != None %}
|
||||
{% for key, value in telegraf_tags.items()%}
|
||||
{{ key }} = "{{ value }}"
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% if telegraf_aws_tags == true and ec2_tags is defined and ec2_tags != None %}
|
||||
{% for key, value in ec2_tags.tags.items()%}
|
||||
{{ telegraf_aws_tags_prefix }}{{ key }} = "{{ value }}"
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
# Configuration for telegraf agent
|
||||
[agent]
|
||||
## Default data collection interval for all inputs
|
||||
interval = "{{ telegraf_agent_interval }}"
|
||||
## Rounds collection interval to 'interval'
|
||||
## ie, if interval="10s" then always collect on :00, :10, :20, etc.
|
||||
round_interval = {{ telegraf_round_interval }}
|
||||
|
||||
## Telegraf will send metrics to outputs in batches of at
|
||||
## most metric_batch_size metrics.
|
||||
metric_batch_size = {{ telegraf_metric_batch_size }}
|
||||
## For failed writes, telegraf will cache metric_buffer_limit metrics for each
|
||||
## output, and will flush this buffer on a successful write. Oldest metrics
|
||||
## are dropped first when this buffer fills.
|
||||
metric_buffer_limit = {{ telegraf_metric_buffer_limit }}
|
||||
|
||||
## Collection jitter is used to jitter the collection by a random amount.
|
||||
## Each plugin will sleep for a random time within jitter before collecting.
|
||||
## This can be used to avoid many plugins querying things like sysfs at the
|
||||
## same time, which can have a measurable effect on the system.
|
||||
collection_jitter = "{{ telegraf_collection_jitter }}"
|
||||
|
||||
## Default flushing interval for all outputs. You shouldn't set this below
|
||||
## interval. Maximum flush_interval will be flush_interval + flush_jitter
|
||||
flush_interval = "{{ telegraf_flush_interval }}"
|
||||
## Jitter the flush interval by a random amount. This is primarily to avoid
|
||||
## large write spikes for users running a large number of telegraf instances.
|
||||
## ie, a jitter of 5s and interval 10s means flushes will happen every 10-15s
|
||||
flush_jitter = "{{ telegraf_flush_jitter }}"
|
||||
|
||||
## Run telegraf in debug mode
|
||||
debug = {{ telegraf_debug }}
|
||||
## Run telegraf in quiet mode
|
||||
quiet = {{ telegraf_quiet }}
|
||||
|
||||
hostname = "{{ ansible_hostname }}"
|
||||
|
||||
## If set to true, do no set the "host" tag in the telegraf agent.
|
||||
omit_hostname = {{ telegraf_omit_hostname }}
|
||||
|
||||
###############################################################################
|
||||
# OUTPUTS #
|
||||
###############################################################################
|
||||
|
||||
[outputs]
|
||||
|
||||
# Configuration for influxdb server to send metrics to
|
||||
[[outputs.influxdb]]
|
||||
# The full HTTP or UDP endpoint URL for your InfluxDB instance.
|
||||
# Multiple urls can be specified but it is assumed that they are part of the same
|
||||
# cluster, this means that only ONE of the urls will be written to each interval.
|
||||
# urls = ["udp://localhost:8089"] # UDP endpoint example
|
||||
## urls = [ "" ] # required
|
||||
urls = ["{{ telegraf_influxdb_url }}"]
|
||||
# The target database for metrics (telegraf will create it if not exists)
|
||||
database = "{{ telegraf_influxdb_database }}" # required
|
||||
# Precision of writes, valid values are n, u, ms, s, m, and h
|
||||
# note: using second precision greatly helps InfluxDB compression
|
||||
precision = "{{ telegraf_influxdb_precision }}"
|
||||
|
||||
## Retention policy to write to.
|
||||
retention_policy = "{{ telegraf_influxdb_retention_policy }}"
|
||||
## Write consistency (clusters only), can be: "any", "one", "quorom", "all"
|
||||
write_consistency = "{{ telegraf_influxdb_write_consistency }}"
|
||||
|
||||
# Connection timeout (for the connection with InfluxDB), formatted as a string.
|
||||
# If not provided, will default to 0 (no timeout)
|
||||
timeout = "{{ telegraf_influxdb_timeout }}"
|
||||
{% if telegraf_influxdb_username is defined and telegraf_influxdb_username != None %}
|
||||
username = "{{ telegraf_influxdb_username }}"
|
||||
{% endif %}
|
||||
password = "{{ telegraf_influxdb_password }}"
|
||||
# Set the user agent for HTTP POSTs (can be useful for log differentiation)
|
||||
{% if telegraf_influxdb_user_agent is defined and telegraf_influxdb_user_agent != None %}
|
||||
user_agent = "{{ telegraf_influxdb_user_agent }}"
|
||||
{% endif %}
|
||||
# Set UDP payload size, defaults to InfluxDB UDP Client default (512 bytes)
|
||||
{% if telegraf_influxdb_udp_payload is defined and telegraf_influxdb_udp_payload != None %}
|
||||
udp_payload = {{ telegraf_influxdb_udp_payload }}
|
||||
{% endif %}
|
||||
|
||||
## Optional SSL Config
|
||||
{% if telegraf_influxdb_ssl_ca is defined and telegraf_influxdb_ssl_ca != None %}
|
||||
# ssl_ca = "{{ telegraf_influxdb_ssl_ca }}"
|
||||
{% endif %}
|
||||
{% if telegraf_influxdb_ssl_cert is defined and telegraf_influxdb_ssl_cert != None %}
|
||||
# ssl_cert = "{{ telegraf_influxdb_ssl_cert }}"
|
||||
{% endif %}
|
||||
{% if telegraf_influxdb_ssl_key is defined and telegraf_influxdb_ssl_key != None %}
|
||||
# ssl_key = "{{ telegraf_influxdb_ssl_key }}"
|
||||
{% endif %}
|
||||
|
||||
{% if telegraf_influxdb_insecure_skip_verify is defined and telegraf_influxdb_insecure_skip_verify != None %}
|
||||
## Use SSL but skip chain & host verification
|
||||
insecure_skip_verify = {{ telegraf_influxdb_insecure_skip_verify }}
|
||||
{% endif %}
|
||||
|
||||
###############################################################################
|
||||
# PLUGINS #
|
||||
###############################################################################
|
||||
|
||||
{% for plugin in telegraf_plugins %}
|
||||
[[inputs.{{ plugin.name }}]]
|
||||
{% if plugin.options is defined %}
|
||||
{% for key, value in plugin.options.items() %}
|
||||
{% if value is not mapping %}
|
||||
{% if value is sequence and value is not string %}
|
||||
{% if value[0] is number %}
|
||||
{{ key }} = [ {{ value|join(', ') }} ]
|
||||
{% else %}
|
||||
{{ key }} = [ "{{ value|join('", "') }}" ]
|
||||
{% endif %}
|
||||
{% else %}
|
||||
{% if value == "true" or value == "false" or value is number %}
|
||||
{{ key }} = {{ value | lower }}
|
||||
{% else %}
|
||||
{{ key }} = "{{ value }}"
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
{% for key, value in plugin.options.items() %}
|
||||
{% if value is mapping %}
|
||||
[inputs.{{ plugin.name }}.{{ key }}]
|
||||
{% for lv2_key, lv2_value in value.items() %}
|
||||
{% if lv2_value is sequence and lv2_value is not string %}
|
||||
{% if lv2_value[0] is number %}
|
||||
{{ lv2_key }} = [ {{ lv2_value|join(', ') }} ]
|
||||
{% else %}
|
||||
{{ lv2_key }} = [ "{{ lv2_value|join('", "') }}" ]
|
||||
{% endif %}
|
||||
{% else %}
|
||||
{% if lv2_value == "true" or lv2_value == "false" or lv2_value is number %}
|
||||
{{ lv2_key }} = {{ lv2_value | lower }}
|
||||
{% else %}
|
||||
{{ lv2_key }} = "{{ lv2_value }}"
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
|
||||
###############################################################################
|
||||
# service PLUGINS #
|
||||
###############################################################################
|
|
@ -1,8 +0,0 @@
|
|||
- hosts: all
|
||||
vars_files:
|
||||
- defaults/main.yml
|
||||
- vars/main.yml
|
||||
tasks:
|
||||
- include: tasks/main.yml
|
||||
handlers:
|
||||
- include: handlers/main.yml
|
|
@ -1,16 +0,0 @@
|
|||
---
|
||||
|
||||
# Whether or not the playbook is run locally
|
||||
# This should only be set in the Vagrantfile and not modified elsewhere
|
||||
is_vagrant: no
|
||||
|
||||
# If yes, service will be started. Will not be started if set to no.
|
||||
telegraf_start_service: yes
|
||||
telegraf_start_delay: 6
|
||||
|
||||
# If yes, will overwrite the packaged configuration with an Asnible/jinja2 template
|
||||
telegraf_template_configuration: yes
|
||||
|
||||
# Path for finding Telegraf data. Added for backwards-compatibility.
|
||||
telegraf_binary_path: /usr/bin/telegraf
|
||||
telegraf_configuration_dir: /etc/telegraf
|
|
@ -21,7 +21,7 @@
|
|||
- name: Run tileserver container
|
||||
docker_container:
|
||||
name: tileserver
|
||||
image: maptiler/tileserver-gl
|
||||
image: maptiler/tileserver-gl:v4.1.1
|
||||
interactive: yes
|
||||
ports:
|
||||
- "80:80"
|
||||
|
|
|
@ -8,7 +8,7 @@
|
|||
- name: Run unifi container
|
||||
docker_container:
|
||||
name: unifi
|
||||
image: jacobalberty/unifi:stable
|
||||
image: jacobalberty/unifi:6.1.71
|
||||
env:
|
||||
RUNAS_UID0: "false"
|
||||
TZ: "Europe/Berlin"
|
||||
|
|
|
@ -27,6 +27,7 @@ server {
|
|||
location / {
|
||||
proxy_pass http://localhost:3000/;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host $http_host;
|
||||
}
|
||||
|
||||
location /meshviewer {
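Review bot: `proxy_set_header X-Forwarded-For $remote_addr;` is the right choice only when this nginx is the internet-facing edge: it deliberately discards any X-Forwarded-For the client supplies (good against spoofing), but if another proxy or load balancer sits in front of this host the service on :3000 will only ever see that proxy's address; if that is the case, `$proxy_add_x_forwarded_for` behind a trusted front end is the alternative. Whichever of the two header lines is the one added here, passing `proxy_set_header X-Forwarded-Proto $scheme;` as well lets the upstream build correct absolute URLs and mark cookies secure; I cannot see whether TLS terminates in this `server` block because it starts outside the hunk.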
|
||||
|
|