diff --git a/deploy-dispatchers.sh b/deploy-dispatchers.sh
new file mode 100755
index 0000000..e6ed610
--- /dev/null
+++ b/deploy-dispatchers.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+ansible-playbook -u ansible --private-key /opt/ansible/ssh.key -i inventory ./playbook-dispatchers.yml
diff --git a/inventory.example b/inventory.example
index a1fd3f2..0f181e5 100644
--- a/inventory.example
+++ b/inventory.example
@@ -2,9 +2,12 @@ all:
hosts:
frame1:
- ansible_host: 10.5.5.177
+ ansible_host: 192.168.0.11
dispatcher:
ansible_connection: local
+dispatchers:
+ hosts:
+ dispatcher:
frames:
hosts:
frame1:
@@ -39,5 +42,5 @@ wg:
- iptables -D -A INPUT -i wg0 -s 192.168.254.0/24 -d 0.0.0.0/0 -j DROP
vars:
wireguard_port: 51821
- wireguard_endpoint: 10.5.5.246
+ wireguard_endpoint: 192.168.0.2
wireguard_persistent_keepalive: 30
diff --git a/playbook-dispatchers.yml b/playbook-dispatchers.yml
new file mode 100644
index 0000000..cc3437c
--- /dev/null
+++ b/playbook-dispatchers.yml
@@ -0,0 +1,6 @@
+---
+ - hosts: dispatchers
+ become: no
+ roles:
+ - msmtp
+ - monit
diff --git a/roles/monit-dashboard/handlers/main.yml b/roles/monit-dashboard/handlers/main.yml
new file mode 100644
index 0000000..1f09a6b
--- /dev/null
+++ b/roles/monit-dashboard/handlers/main.yml
@@ -0,0 +1,4 @@
+---
+ - name: restart monit-dashboard (container)
+ command: /usr/bin/s6-svc -r /var/run/s6/services/monit-dashboard
+ listen: "reconfigure monit-dashboard"
diff --git a/roles/monit-dashboard/main.yml b/roles/monit-dashboard/main.yml
new file mode 100644
index 0000000..548ebe7
--- /dev/null
+++ b/roles/monit-dashboard/main.yml
@@ -0,0 +1,17 @@
+---
+ - name: Gather instance facts
+ setup:
+ - block:
+ - name: Setup monit-dashboard
+ template:
+ src: servers.json
+ dest: "/opt/monit-dashboard/conf/servers.json"
+ owner: root
+ group: root
+ mode: 0600
+ with_items: "{{ groups['frames'] }}"
+ notify:
+ - restart monit-dashboard
+ tags:
+ - monit-dashboard-config
+
\ No newline at end of file
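Review bot: The relative paths `-i inventory` and `./playbook-dispatchers.yml` make deploy-dispatchers.sh depend on the caller's working directory, so invoking it from anywhere else fails or, worse, picks up a different `inventory` file. Anchor the script to its own location first, `cd "$(dirname -- "$0")" || exit 1`, and consider `set -eu` after the shebang so the cd failure cannot be ignored.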
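Review bot: Nothing in playbook-dispatchers.yml sets `monit_containerized: true` for the dispatchers group, and the default this commit adds in roles/monit/defaults/main.yml is `false`, so unless the inventory or group_vars override it (not visible here) the monit role will take the `frame.yml` branch on the dispatcher — apt install, `/etc/monit` paths and the firewalld rule — instead of the s6/`/opt/monit` branch the commit introduces. Add `vars:` with `monit_containerized: true` to this play or set it for the `dispatchers` group. The new monit-dashboard role is also absent from `roles:`, so its servers.json task is never executed by this playbook.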
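Review bot: `notify: - restart monit-dashboard` in roles/monit-dashboard/main.yml matches neither the handler's name (`restart monit-dashboard (container)`) nor its `listen` topic (`reconfigure monit-dashboard`) in roles/monit-dashboard/handlers/main.yml, so a changed servers.json never restarts the dashboard; make the notify string equal to the listen topic, `- reconfigure monit-dashboard`, or rename the handler. The task file is also committed as roles/monit-dashboard/main.yml rather than under a `tasks/` directory, which is where Ansible's role loader looks, so as committed the role has no tasks at all. Separately, `with_items: "{{ groups['frames'] }}"` renders the same `dest` once per frame hostname with the loop variable named `item`, whereas the template reads `items` and per-frame attributes; see the note on templates/servers.json.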
diff --git a/roles/monit-dashboard/templates/servers.json b/roles/monit-dashboard/templates/servers.json
new file mode 100644
index 0000000..a59fe6c
--- /dev/null
+++ b/roles/monit-dashboard/templates/servers.json
@@ -0,0 +1,14 @@
+{
+ "dispatcher": {
+ "url": "http://127.0.0.1:2812",
+ "user": "{{ monit_web_user }}",
+ "passwd": "{{ monit_web_pasword }}"
+ }{{ "," if items is defined and (items|length>0) }}
+{% for frame in items %}
+ "{{ frame.name }}": {
+ "url": "http://{{ frame.wireguard_address }}:2812",
+ "user": "{{ frame.monit_web_user }}",
+ "passwd": "{{ frame.monit_web_pasword }}"
+ }{{ "," if not loop.last }}
+{% endfor %}
+}
diff --git a/roles/monit/defaults/main.yml b/roles/monit/defaults/main.yml
index 493743d..c339313 100644
--- a/roles/monit/defaults/main.yml
+++ b/roles/monit/defaults/main.yml
@@ -17,3 +17,6 @@ monit_wireguard_ip: 192.168.254.1
# Username / password for monit web service
monit_web_user: "admin"
monit_web_pasword: "password"
+
+# Whether or not monit is running containerized with s6-overlay
+monit_containerized: false
diff --git a/roles/monit/handlers/main.yml b/roles/monit/handlers/main.yml
index 75d6a4b..f7dfbb1 100644
--- a/roles/monit/handlers/main.yml
+++ b/roles/monit/handlers/main.yml
@@ -3,3 +3,8 @@
service:
name: "monit"
state: "restarted"
+ when: not monit_containerized
+
+ - name: restart monit
+ command: /usr/bin/s6-svc -r /var/run/s6/services/monit
+ when: monit_containerized
diff --git a/roles/monit/tasks/dispatcher.yml b/roles/monit/tasks/dispatcher.yml
new file mode 100644
index 0000000..64b5d13
--- /dev/null
+++ b/roles/monit/tasks/dispatcher.yml
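Review bot: The template loops with `{% for frame in items %}`, but the task in roles/monit-dashboard/main.yml uses `with_items`, which exposes each element as `item` (a hostname string from `groups['frames']`), never as `items`; with `items` undefined the guard on the `}{{ "," if items is defined ... }}` line is false, yet the `for` still dereferences the undefined name, and `frame.name` / `frame.wireguard_address` would not resolve on a plain string in any case. Render the template once, without a task loop, and iterate the group inside it: `{% for frame in groups['frames'] %}` keyed by `"{{ frame }}"`, reading `hostvars[frame].wireguard_address`, `hostvars[frame].monit_web_user` and `hostvars[frame].monit_web_pasword`. Since this file ends up holding the plaintext monit credentials of every frame, the `mode: 0600` on the destination should be kept if the task is reworked.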
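Review bot: Both handlers in roles/monit/handlers/main.yml now carry the name `restart monit` and differ only by `when`; how Ansible treats duplicate handler names has varied across releases (older ones keep only the last definition), so the service-based restart may silently never fire on non-containerized hosts. Give them distinct names, e.g. `restart monit (service)` and `restart monit (container)`, and add `listen: restart monit` to both — the pattern roles/monit-dashboard/handlers/main.yml already uses — so the existing `notify: - restart monit` lines in the task files keep working unchanged.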
@@ -0,0 +1,42 @@
+---
+ - name: Gather instance facts
+ setup:
+ - block:
+ - name: Setup monitrc
+ template:
+ src: monitrc-dispatcher
+ dest: "/opt/monit/monitrc"
+ owner: root
+ group: root
+ mode: 0600
+ notify:
+ - restart monit
+ tags:
+ - monit-config
+ - name: Setup filesystem monitoring
+ template:
+ src: filesystem
+ dest: "/opt/monit/conf.d/{{item.name}}"
+ owner: root
+ group: root
+ mode: 0600
+ loop:
+ "{{ monit_filesystems }}"
+ notify:
+ - restart monit
+ tags:
+ - monit-config
+ - monit-filesystems
+ - name: Setup wireguard monitoring
+ template:
+ src: wireguard-dispatcher
+ dest: "/opt/monit/conf.d/wireguard"
+ owner: root
+ group: root
+ mode: 0600
+ when: monit_wireguard
+ notify:
+ - restart monit
+ tags:
+ - monit-config
+ - monit-wireguard
\ No newline at end of file
diff --git a/roles/monit/tasks/frame.yml b/roles/monit/tasks/frame.yml
new file mode 100644
index 0000000..49f2245
--- /dev/null
+++ b/roles/monit/tasks/frame.yml
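Review bot: The three template tasks in dispatcher.yml are a copy of those in roles/monit/tasks/frame.yml with only the destination prefix (`/opt/monit` versus `/etc/monit`) and the `-dispatcher` template suffix changed, so any later fix has to be applied in two places. A single task file driven by a `monit_conf_dir` variable — defaulted to `/etc/monit` in roles/monit/defaults/main.yml and set to `/opt/monit` when `monit_containerized` is true — would remove the duplicate, leaving only the install and firewalld tasks that are frame-specific in frame.yml. While touching this, `dest: "/opt/monit/conf.d/{{item.name}}"` places an inventory-supplied name straight into a path; `{{ item.name | basename }}` keeps a stray `/` in a `monit_filesystems` entry from writing outside conf.d, in both files.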
@@ -0,0 +1,79 @@
+---
+ - name: Gather instance facts
+ setup:
+ - name: Update APT package cache
+ apt:
+ update_cache: "true"
+ cache_valid_time: "3600"
+ tags:
+ - monit-install
+ - name: Install monit
+ package:
+ name: "{{ packages }}"
+ state: present
+ vars:
+ packages:
+ - monit
+ tags:
+ - monit-install
+ - block:
+ - name: Setup monitrc
+ template:
+ src: monitrc
+ dest: "/etc/monit/monitrc"
+ owner: root
+ group: root
+ mode: 0600
+ notify:
+ - restart monit
+ tags:
+ - monit-config
+ - name: Setup filesystem monitoring
+ template:
+ src: filesystem
+ dest: "/etc/monit/conf.d/{{item.name}}"
+ owner: root
+ group: root
+ mode: 0600
+ loop:
+ "{{ monit_filesystems }}"
+ notify:
+ - restart monit
+ tags:
+ - monit-config
+ - monit-filesystems
+ - name: Setup wireguard monitoring
+ template:
+ src: wireguard
+ dest: "/etc/monit/conf.d/wireguard"
+ owner: root
+ group: root
+ mode: 0600
+ when: monit_wireguard
+ notify:
+ - restart monit
+ tags:
+ - monit-config
+ - monit-wireguard
+ - name: Setup slideshow monitoring
+ template:
+ src: fim
+ dest: "/etc/monit/conf.d/fim"
+ owner: root
+ group: root
+ mode: 0600
+ notify:
+ - restart monit
+ tags:
+ - monit-config
+ - monit-fim
+ - name: Setup firewall rule
+ firewalld:
+ port: 2812/tcp
+ zone: public
+ permanent: yes
+ state: enabled
+ immediate: yes
+ tags:
+ - monit-config
+
\ No newline at end of file
diff --git a/roles/monit/tasks/main.yml b/roles/monit/tasks/main.yml
index 4e37b2b..9ea633d 100644
--- a/roles/monit/tasks/main.yml
+++ b/roles/monit/tasks/main.yml
@@ -1,78 +1,5 @@
---
- - name: Gather instance facts
- setup:
- - name: Update APT package cache
- apt:
- update_cache: "true"
- cache_valid_time: "3600"
- tags:
- - monit-install
- - name: Install monit
- package:
- name: "{{ packages }}"
- state: present
- vars:
- packages:
- - monit
- tags:
- - monit-install
- - block:
- - name: Setup monitrc
- template:
- src: monitrc
- dest: "/etc/monit/monitrc"
- owner: root
- group: root
- mode: 0600
- notify:
- - restart monit
- tags:
- - monit-config
- - name: Setup filesystem monitoring
- template:
- src: filesystem
- dest: "/etc/monit/conf.d/{{item.name}}"
- owner: root
- group: root
- mode: 0600
- loop:
- "{{ monit_filesystems }}"
- notify:
- - restart monit
- tags:
- - monit-config
- - monit-filesystems
- - name: Setup wireguard monitoring
- template:
- src: wireguard
- dest: "/etc/monit/conf.d/wireguard"
- owner: root
- group: root
- mode: 0600
- when: monit_wireguard
- notify:
- - restart monit
- tags:
- - monit-config
- - monit-wireguard
- - name: Setup slideshow monitoring
- template:
- src: fim
- dest: "/etc/monit/conf.d/fim"
- owner: root
- group: root
- mode: 0600
- notify:
- - restart monit
- tags:
- - monit-config
- - monit-fim
- - name: Setup firewall rule
- firewalld:
- port: 2812/tcp
- zone: public
- permanent: yes
- state: enabled
- immediate: yes
- tags:
- - monit-config
+ - include_tasks: "frame.yml"
+ when: not monit_containerized
+ - include_tasks: "dispatcher.yml"
+ when: monit_containerized
diff --git a/roles/monit/templates/monitrc b/roles/monit/templates/monitrc
index 2caf7c0..225332b 100644
--- a/roles/monit/templates/monitrc
+++ b/roles/monit/templates/monitrc
@@ -15,4 +15,3 @@ set httpd port 2812 and
allow {{ monit_web_user }}:{{ monit_web_pasword }}
include /etc/monit/conf.d/*
-include /etc/monit/conf-enabled/*
diff --git a/roles/monit/templates/monitrc-dispatcher b/roles/monit/templates/monitrc-dispatcher
new file mode 100644
index 0000000..ccde2e6
--- /dev/null
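Review bot: `include_tasks` is a dynamic include, so a run with `--tags monit-config` or `--tags monit-install` skips the two untagged include tasks themselves and the tagged tasks inside frame.yml and dispatcher.yml never execute — a regression from the flat task list this hunk removes, where those tags worked directly. Either add `tags: always` to both includes so the inner tags are reached, or use `import_tasks` with the same `when:` (static import, tags propagate and the condition is applied per imported task); the latter is the smaller behavioural change.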
+++ b/roles/monit/templates/monitrc-dispatcher
@@ -0,0 +1,17 @@
+set daemon 120
+set log /opt/monit/monit.log
+set idfile /opt/monit/id
+set statefile /opt/monit/state
+set eventqueue
+ basedir /opt/monit/events # set the base directory where events will be stored
+ slots 100 # optionally limit the queue size
+
+set mailserver {{ monit_smtp_server }} port 587
+ username "{{ monit_smtp_user }}" password "{{ monit_smtp_password }}"
+ using tls
+
+set httpd port 2812 and
+ use address 0.0.0.0
+ allow ${CONFIG_MONIT_USER}:${CONFIG_MONIT_PASS}
+
+include /opt/monit/conf.d/*
diff --git a/roles/monit/templates/wireguard-dispatcher b/roles/monit/templates/wireguard-dispatcher
new file mode 100644
index 0000000..e6e0bcd
--- /dev/null
+++ b/roles/monit/templates/wireguard-dispatcher
@@ -0,0 +1,5 @@
+check host wireguard address {{ monit_wireguard_ip }}
+ start program = "/usr/bin/s6-svc -u /var/run/s6/services/wireguard"
+ stop program = "/usr/bin/s6-svc -d /var/run/s6/services/wireguard"
+ if failed ping then alert
+ if failed ping for 5 cycles then restart
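Review bot: `allow ${CONFIG_MONIT_USER}:${CONFIG_MONIT_PASS}` uses shell-style variables in a file that Ansible renders with Jinja and writes straight to `/opt/monit/monitrc`; the rest of this template and the frame `monitrc` use `{{ monit_web_user }}:{{ monit_web_pasword }}`, and as far as I know Monit's config parser does not expand environment variables, so the literal `${...}` strings become the credentials and will not match what the dashboard's servers.json sends to `http://127.0.0.1:2812`. Use the same Jinja expressions as in monitrc: `allow {{ monit_web_user }}:{{ monit_web_pasword }}`. `use address 0.0.0.0` also exposes the basic-auth-only, plain-HTTP interface on every interface of the dispatcher while the frame monitrc keeps Monit's default; since the dashboard connects via localhost, `use address 127.0.0.1` (or the WireGuard address if remote access is needed) limits the exposure.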