PiFrame/ansible
PiFrame/ansible
1
0
Fork 0
Code Issues Releases Activity

Start implementation of ansible management of dispatcher

Browse source
This commit is contained in:
KemoNine 2020-08-08 21:55:56 -04:00
parent 2b78ea9092
commit daedee0262
14 changed files with 204 additions and 80 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
deploy-dispatchers.sh Executable file
View file

@ -0,0 +1,3 @@
#!/bin/bash
ansible-playbook -u ansible --private-key /opt/ansible/ssh.key -i inventory ./playbook-dispatchers.yml

7
inventory.example
View file

@ -2,9 +2,12 @@
all: all:
hosts: hosts:
frame1: frame1:
ansible_host: 10.5.5.177 ansible_host: 192.168.0.11
dispatcher: dispatcher:
ansible_connection: local ansible_connection: local
dispatchers:
hosts:
dispatcher:
frames: frames:
hosts: hosts:
frame1: frame1:
@ -39,5 +42,5 @@ wg:
- iptables -D -A INPUT -i wg0 -s 192.168.254.0/24 -d 0.0.0.0/0 -j DROP - iptables -D -A INPUT -i wg0 -s 192.168.254.0/24 -d 0.0.0.0/0 -j DROP
vars: vars:
wireguard_port: 51821 wireguard_port: 51821
wireguard_endpoint: 10.5.5.246 wireguard_endpoint: 192.168.0.2
wireguard_persistent_keepalive: 30 wireguard_persistent_keepalive: 30

6
playbook-dispatchers.yml Normal file
View file

@ -0,0 +1,6 @@
---
- hosts: dispatchers
become: no
roles:
- msmtp
- monit

4
roles/monit-dashboard/handlers/main.yml Normal file
View file

@ -0,0 +1,4 @@
---
- name: restart monit-dashboard (container)
command: /usr/bin/s6-svc -r /var/run/s6/services/monit-dashboard
listen: "reconfigure monit-dashboard"

17
roles/monit-dashboard/main.yml Normal file
View file

@ -0,0 +1,17 @@
---
- name: Gather instance facts
setup:
- block:
- name: Setup monit-dashboard
template:
src: servers.json
dest: "/opt/monit-dashboard/conf/servers.json"
owner: root
group: root
mode: 0600
with_items: "{{ groups['frames'] }}"
notify:
- restart monit-dashboard
tags:
- monit-dashboard-config

14
roles/monit-dashboard/templates/servers.json Normal file
View file

@ -0,0 +1,14 @@
{
"dispatcher": {
"url": "http://127.0.0.1:2812",
"user": "{{ monit_web_user }}",
"passwd": "{{ monit_web_pasword }}"
}{{ "," if items is defined and (items|length>0) }}
{% for frame in items %}
"{{ frame.name }}": {
"url": "http://{{ frame.wireguard_address }}:2812",
"user": "{{ frame.monit_web_user }}",
"passwd": "{{ frame.monit_web_pasword }}"
}{{ "," if not loop.last }}
{% endfor %}
}

3
roles/monit/defaults/main.yml
View file

@ -17,3 +17,6 @@ monit_wireguard_ip: 192.168.254.1
# Username / password for monit web service # Username / password for monit web service
monit_web_user: "admin" monit_web_user: "admin"
monit_web_pasword: "password" monit_web_pasword: "password"
# Whether or not monit is running containerized with s6-overlay
monit_containerized: false

5
roles/monit/handlers/main.yml
View file

@ -3,3 +3,8 @@
service: service:
name: "monit" name: "monit"
state: "restarted" state: "restarted"
when: not monit_containerized
- name: restart monit
command: /usr/bin/s6-svc -r /var/run/s6/services/monit
when: monit_containerized

42
roles/monit/tasks/dispatcher.yml Normal file
View file

@ -0,0 +1,42 @@
---
- name: Gather instance facts
setup:
- block:
- name: Setup monitrc
template:
src: monitrc-dispatcher
dest: "/opt/monit/monitrc"
owner: root
group: root
mode: 0600
notify:
- restart monit
tags:
- monit-config
- name: Setup filesystem monitoring
template:
src: filesystem
dest: "/opt/monit/conf.d/{{item.name}}"
owner: root
group: root
mode: 0600
loop:
"{{ monit_filesystems }}"
notify:
- restart monit
tags:
- monit-config
- monit-filesystems
- name: Setup wireguard monitoring
template:
src: wireguard-dispatcher
dest: "/opt/monit/conf.d/wireguard"
owner: root
group: root
mode: 0600
when: monit_wireguard
notify:
- restart monit
tags:
- monit-config
- monit-wireguard

79
roles/monit/tasks/frame.yml Normal file
View file

@ -0,0 +1,79 @@
---
- name: Gather instance facts
setup:
- name: Update APT package cache
apt:
update_cache: "true"
cache_valid_time: "3600"
tags:
- monit-install
- name: Install monit
package:
name: "{{ packages }}"
state: present
vars:
packages:
- monit
tags:
- monit-install
- block:
- name: Setup monitrc
template:
src: monitrc
dest: "/etc/monit/monitrc"
owner: root
group: root
mode: 0600
notify:
- restart monit
tags:
- monit-config
- name: Setup filesystem monitoring
template:
src: filesystem
dest: "/etc/monit/conf.d/{{item.name}}"
owner: root
group: root
mode: 0600
loop:
"{{ monit_filesystems }}"
notify:
- restart monit
tags:
- monit-config
- monit-filesystems
- name: Setup wireguard monitoring
template:
src: wireguard
dest: "/etc/monit/conf.d/wireguard"
owner: root
group: root
mode: 0600
when: monit_wireguard
notify:
- restart monit
tags:
- monit-config
- monit-wireguard
- name: Setup slideshow monitoring
template:
src: fim
dest: "/etc/monit/conf.d/fim"
owner: root
group: root
mode: 0600
notify:
- restart monit
tags:
- monit-config
- monit-fim
- name: Setup firewall rule
firewalld:
port: 2812/tcp
zone: public
permanent: yes
state: enabled
immediate: yes
tags:
- monit-config

81
roles/monit/tasks/main.yml
View file

@ -1,78 +1,5 @@
--- ---
- name: Gather instance facts - include_tasks: "frame.yml"
setup: when: not monit_containerized
- name: Update APT package cache - include_tasks: "dispatcher.yml"
apt: when: monit_containerized
update_cache: "true"
cache_valid_time: "3600"
tags:
- monit-install
- name: Install monit
package:
name: "{{ packages }}"
state: present
vars:
packages:
- monit
tags:
- monit-install
- block:
- name: Setup monitrc
template:
src: monitrc
dest: "/etc/monit/monitrc"
owner: root
group: root
mode: 0600
notify:
- restart monit
tags:
- monit-config
- name: Setup filesystem monitoring
template:
src: filesystem
dest: "/etc/monit/conf.d/{{item.name}}"
owner: root
group: root
mode: 0600
loop:
"{{ monit_filesystems }}"
notify:
- restart monit
tags:
- monit-config
- monit-filesystems
- name: Setup wireguard monitoring
template:
src: wireguard
dest: "/etc/monit/conf.d/wireguard"
owner: root
group: root
mode: 0600
when: monit_wireguard
notify:
- restart monit
tags:
- monit-config
- monit-wireguard
- name: Setup slideshow monitoring
template:
src: fim
dest: "/etc/monit/conf.d/fim"
owner: root
group: root
mode: 0600
notify:
- restart monit
tags:
- monit-config
- monit-fim
- name: Setup firewall rule
firewalld:
port: 2812/tcp
zone: public
permanent: yes
state: enabled
immediate: yes
tags:
- monit-config

1
roles/monit/templates/monitrc
View file

@ -15,4 +15,3 @@ set httpd port 2812 and
allow {{ monit_web_user }}:{{ monit_web_pasword }} allow {{ monit_web_user }}:{{ monit_web_pasword }}
include /etc/monit/conf.d/* include /etc/monit/conf.d/*
include /etc/monit/conf-enabled/*

17
roles/monit/templates/monitrc-dispatcher Normal file
View file

@ -0,0 +1,17 @@
set daemon 120
set log /opt/monit/monit.log
set idfile /opt/monit/id
set statefile /opt/monit/state
set eventqueue
basedir /opt/monit/events # set the base directory where events will be stored
slots 100 # optionally limit the queue size
set mailserver {{ monit_smtp_server }} port 587
username "{{ monit_smtp_user }}" password "{{ monit_smtp_password }}"
using tls
set httpd port 2812 and
use address 0.0.0.0
allow ${CONFIG_MONIT_USER}:${CONFIG_MONIT_PASS}
include /opt/monit/conf.d/*

5
roles/monit/templates/wireguard-dispatcher Normal file
View file

@ -0,0 +1,5 @@
check host wireguard address {{ monit_wireguard_ip }}
start program = "/usr/bin/s6-svc -u /var/run/s6/services/wireguard"
stop program = "/usr/bin/s6-svc -d /var/run/s6/services/wireguard"
if failed ping then alert
if failed ping for 5 cycles then restart