noby
/
ansible
forked from infra/ansible
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: noby:7b03d890961ce966a6dee6ae8de863b92cc569a6
Branches Tags
noby:master
noby:upgrade_20240315
noby:upgrade_20230123
noby:upgrade_20220721
noby:xrdp
noby:workadventure
noby:pizza
infra:kea
infra:master
infra:pizza
...
compare: noby:e2c7bed03540403e163d41a3578d7478f1edff67
Branches Tags
noby:upgrade_20240315
noby:upgrade_20230123
noby:upgrade_20220721
noby:xrdp
noby:workadventure
noby:master
noby:pizza
infra:kea
infra:master
infra:pizza

10 Commits
7b03d89096 ... e2c7bed035

Author SHA1 Message Date
Thomas Basler e2c7bed035 xrdp_apphost: Upgrade EstlCam from 11244 to 11245 2024-03-15 19:36:50 +01:00
Thomas Basler 07a0e22d35 xrdp_apphost: Upgrade LightBurn from 1.3.01 to 1.5.03 2024-03-15 19:12:07 +01:00
Thomas Basler f72960bbc8 xrdp_apphost: Upgrade slicer from 2.5.0 to 2.7.2 2024-03-15 18:57:05 +01:00
Markus 51e673ca94 icinga_agent: [WIP] 2024-03-11 18:23:42 +01:00
Markus b99c41b938 icinga-monitor: fix typo 2024-03-03 15:38:48 +01:00
Markus f839bd1db9 icinga_agent: add basic disk monitoring 2024-03-02 21:01:42 +01:00
Markus d5f8a39219 dns_intern: remove obsolete racktables entry 2024-03-01 22:56:29 +01:00
Markus 36bf2bbc3f icinga-monitor: use follow for http checks 2024-03-01 22:38:40 +01:00
Markus 34b1d83233 icinga_agent: new role to enroll an agent 2024-03-01 22:37:01 +01:00
Markus 0e9d3092e6 gitea: bump to version 1.21.7 2024-02-28 00:30:44 +01:00
13 changed files with 135 additions and 11 deletions
Show Stats Expand all files Collapse all files

2
roles/dns_intern/templates/bind/23.172.in-addr.arpa.zone.j2
View File

@ -1,7 +1,7 @@
$ORIGIN 23.172.in-addr.arpa. ; base for unqualified names
$TTL 1h ; default time-to-live
@ IN SOA ns1.binary.kitchen. hostmaster.binary.kitchen. (
2023011601; serial
2024030100; serial
1d; refresh
2h; retry
4w; expire

3
roles/dns_intern/templates/bind/binary.kitchen.zone.j2
View File

@ -1,7 +1,7 @@
$ORIGIN binary.kitchen ; base for unqualified names
$TTL 1h ; default time-to-live
@ IN SOA ns1.binary.kitchen. hostmaster.binary.kitchen. (
2023011601; serial
2024030100; serial
1d; refresh
2h; retry
4w; expire
@ -30,7 +30,6 @@ netbox IN A 172.23.2.7
ns1 IN A 172.23.2.3
ns2 IN A 172.23.2.4
omm IN A 172.23.2.35
racktables IN A 172.23.2.6
radius IN A 172.23.2.3
radius IN A 172.23.2.4
; Loopback

2
roles/gitea/defaults/main.yml
View File

@ -3,5 +3,5 @@
gitea_user: gogs
gitea_group: gogs
gitea_version: 1.21.6
gitea_version: 1.21.7
gitea_url: https://github.com/go-gitea/gitea/releases/download/v{{ gitea_version }}/gitea-{{ gitea_version }}-linux-amd64

17
roles/icinga-monitor/tasks/disk.yml Normal file
View File

@ -0,0 +1,17 @@
---
- name: Configure monitoring for disk
template:
src: disk.j2
dest: /etc/icinga2/conf.d/hosts/{{ inventory_hostname }}.disk
owner: "{{ icinga_user }}"
group: "{{ icinga_group }}"
delegate_to: "{{ icinga_server }}"
- name: Regenerate hosts.conf
assemble:
src: /etc/icinga2/conf.d/hosts
dest: /etc/icinga2/conf.d/hosts.conf
# validate: /usr/sbin/icinga2 daemon -c %s --validate
notify: Restart icinga2
delegate_to: "{{ icinga_server }}"

8
roles/icinga-monitor/templates/disk.j2 Normal file
View File

@ -0,0 +1,8 @@
{% for disk in disks %}
vars.disks["disk {{ disk }}"] = {
disk_partitions = "{{ disk }}"
disk_wfree = "10%"
disk_cfree = "5%"
}
{% endfor %}

1
roles/icinga-monitor/templates/http.j2
View File

@ -1,5 +1,6 @@
vars.http_vhosts["{{ vhost }}"] = {
http_onredirect = "follow"
http_sni = "true"
http_ssl = "true"
http_vhost = "{{ vhost }}"

4
roles/icinga_agent/defaults/main.yml Normal file
View File

@ -0,0 +1,4 @@
---
icinga_user: nagios
icinga_group: nagios

10
roles/icinga_agent/handlers/main.yml Normal file
View File

@ -0,0 +1,10 @@
---
- name: Run acertmgr
command: /usr/bin/acertmgr
- name: Restart icinga2
service: name=icinga2 state=restarted
- name: Restart nginx
service: name=nginx state=restarted

77
roles/icinga_agent/tasks/main.yml Normal file
View File

@ -0,0 +1,77 @@
---
- name: Install icinga
apt: name=icinga2
- name: Check if client is already enrolled
stat:
path: /var/lib/icinga2/certs/{{ ansible_fqdn }}.crt
register: cert_file
- name: Enroll agent on master server
block:
- name: Ensure certificate directory exists
file:
path: /var/lib/icinga2/certs
state: directory
owner: "{{ icinga_user }}"
group: "{{ icinga_group }}"
- name: Copy certificate from master
fetch:
src: /var/lib/icinga2/certs/{{ icinga_server }}.crt
dest: /tmp/{{ icinga_server }}.crt
flat: true
delegate_to: "{{ icinga_server }}"
- name: Copy certificate to host
copy:
src: /tmp/{{ icinga_server }}.crt
dest: /var/lib/icinga2/certs/{{ icinga_server }}.crt
owner: "{{ icinga_user }}"
group: "{{ icinga_group }}"
- name: Get ticket from master
shell: "icinga2 pki ticket --cn {{ ansible_fqdn }}"
register: "icinga_ticket"
changed_when: "False"
delegate_to: "{{ icinga_server }}"
- name: Setup node
command:
argv:
- icinga2
- node
- setup
- --ticket
- "{{ icinga_ticket.stdout | trim }}"
- --endpoint
- "{{ icinga_server }}"
- --zone
- "{{ ansible_fqdn }}"
- --parent_host
- "{{ icinga_server }}"
- --trustedcert
- "/var/lib/icinga2/certs/{{ icinga_server }}.crt"
- --accept-commands
- --accept-config
when: not cert_file.stat.exists
- name: Set agent address on master
template: src=hosts.agent.j2 dest=/etc/icinga2/conf.d/hosts/{{ inventory_hostname }}.01_agent owner={{ icinga_user }} group={{ icinga_group }}
delegate_to: "{{ icinga_server }}"
- name: Regenerate hosts.conf
assemble:
src: /etc/icinga2/conf.d/hosts
dest: /etc/icinga2/conf.d/hosts.conf
# validate: /usr/sbin/icinga2 daemon -c %s --validate
notify: Restart icinga2
delegate_to: "{{ icinga_server }}"
# TODO expand this to cover more than just the root partition
- name: Monitor disks
include_role: name=icinga-monitor tasks_from=disk
vars:
disks:
- "/"

3
roles/icinga_agent/templates/hosts.agent.j2 Normal file
View File

@ -0,0 +1,3 @@
/* Set custom variable `agent_endpoint` for use in `services.conf`. */
vars.agent_endpoint = "{{ inventory_hostname }}"

4
roles/xrdp_apphost/README.md
View File

@ -15,5 +15,5 @@ by a admin user.
$ export WINEARCH=win32
$ wineboot
$ winetricks dotnet40 gdiplus d3dx9_36
$ wget http://www.estlcam.de/downloads/Estlcam_32_11244.exe
$ wine Estlcam_32_11243.exe
$ wget http://www.estlcam.de/downloads/Estlcam_32_11245.exe
$ wine Estlcam_32_11245.exe

10
roles/xrdp_apphost/defaults/main.yml
View File

@ -31,8 +31,8 @@ xrdp_applications:
salt: "{{ vault_xrdp_apphost_lightburn_salt }}"
git_config_folder: /home/lightburn/.config/LightBurn/
checksum: sha256:2b3770a113d22afd37943306c9996537e13633c97ea806e2aedce5d428704a85
version: 1.3.01
checksum: sha256:c366f542a32b93e2e0f9e9b03c3cba4dcedecbadec09d94a053c19dae2f69cc8
version: 1.5.03
Estlcam:
user: estlcam
@ -48,9 +48,9 @@ xrdp_applications:
salt: "{{ vault_xrdp_apphost_slicer_salt }}"
git_config_folder: /home/slicer/.config/PrusaSlicer/
checksum: sha256:95123af8b82035add43ceef6d31ef0b91b1a5c7280261cb9db4a0de08387b9d5
version_base: 2.5.0
version: 2.5.0+linux-x64-GTK3-202209060725
checksum: sha256:08af39db787abcdc46cc5da76a51be06cf91c67c2b6871cb3327db0c1d0c8832
version_base: 2.7.2
version: 2.7.2+linux-x64-GTK3-202402291307
lightburn_url: https://github.com/LightBurnSoftware/deployment/releases/download/{{ xrdp_applications.LightBurn.version }}/LightBurn-Linux64-v{{ xrdp_applications.LightBurn.version }}.run
lightburn_target: /home/{{ xrdp_applications.LightBurn.user }}/LightBurn-Linux64-v{{ xrdp_applications.LightBurn.version }}.run

5
roles/xrdp_apphost/tasks/lightburn.yml
View File

@ -6,6 +6,11 @@
- libpulse-mainloop-glib0
- libnss3
- libxkbcommon-x11-0
- libxcb-icccm4-dev
- libxcb-image0
- libxcb-keysyms1
- libxcb-render-util0
- libxcb-xinerama0
- name: Download LightBurn binary
get_url: url={{ lightburn_url }} dest={{ lightburn_target }} checksum={{ xrdp_applications.LightBurn.checksum }} mode=0755