Start implementation of ansible management of dispatcher

2020-08-08 21:55:56 -04:00 · 2020-08-08 21:55:56 -04:00 · daedee0262
parent 2b78ea9092
commit daedee0262
14 changed files with 204 additions and 80 deletions
--- a/deploy-dispatchers.sh
+++ b/deploy-dispatchers.sh
@ -0,0 +1,3 @@
+#!/bin/bash
+
+ansible-playbook -u ansible --private-key /opt/ansible/ssh.key -i inventory ./playbook-dispatchers.yml
--- a/inventory.example
+++ b/inventory.example
@ -2,9 +2,12 @@
 all:
  hosts:
    frame1:
-      ansible_host: 10.5.5.177
+      ansible_host: 192.168.0.11
    dispatcher:
      ansible_connection: local
+dispatchers:
+  hosts:
+    dispatcher:
 frames:
  hosts:
    frame1:
@ -39,5 +42,5 @@ wg:
          - iptables -D -A INPUT -i wg0 -s 192.168.254.0/24 -d 0.0.0.0/0 -j DROP
  vars:
    wireguard_port: 51821
-    wireguard_endpoint: 10.5.5.246
+    wireguard_endpoint: 192.168.0.2
    wireguard_persistent_keepalive: 30
--- a/playbook-dispatchers.yml
+++ b/playbook-dispatchers.yml
@ -0,0 +1,6 @@
+---
+  - hosts: dispatchers
+    become: no
+    roles:
+      - msmtp
+      - monit
--- a/roles/monit-dashboard/handlers/main.yml
+++ b/roles/monit-dashboard/handlers/main.yml
@ -0,0 +1,4 @@
+---
+  - name: restart monit-dashboard (container)
+    command: /usr/bin/s6-svc -r /var/run/s6/services/monit-dashboard
+    listen: "reconfigure monit-dashboard"
--- a/roles/monit-dashboard/main.yml
+++ b/roles/monit-dashboard/main.yml
@ -0,0 +1,17 @@
+---
+  - name: Gather instance facts
+    setup:
+  - block:
+    - name: Setup monit-dashboard
+      template:
+        src: servers.json
+        dest: "/opt/monit-dashboard/conf/servers.json"
+        owner: root
+        group: root
+        mode: 0600
+      with_items: "{{ groups['frames'] }}"
+      notify:
+        - restart monit-dashboard
+      tags:
+        - monit-dashboard-config
+  
--- a/roles/monit-dashboard/templates/servers.json
+++ b/roles/monit-dashboard/templates/servers.json
@ -0,0 +1,14 @@
+{
+    "dispatcher": {
+        "url": "http://127.0.0.1:2812",
+        "user": "{{ monit_web_user }}",
+        "passwd": "{{ monit_web_pasword }}"
+    }{{ "," if items is defined and (items|length>0) }}
+{% for frame in items %}
+    "{{ frame.name }}": {
+        "url": "http://{{ frame.wireguard_address }}:2812",
+        "user": "{{ frame.monit_web_user }}",
+        "passwd": "{{ frame.monit_web_pasword }}"
+    }{{ "," if not loop.last }}
+{% endfor %}
+}
--- a/roles/monit/defaults/main.yml
+++ b/roles/monit/defaults/main.yml
@ -17,3 +17,6 @@ monit_wireguard_ip: 192.168.254.1
 # Username / password for monit web service
 monit_web_user: "admin"
 monit_web_pasword: "password"
+
+# Whether or not monit is running containerized with s6-overlay
+monit_containerized: false
--- a/roles/monit/handlers/main.yml
+++ b/roles/monit/handlers/main.yml
@ -3,3 +3,8 @@
    service:
      name: "monit"
      state: "restarted"
+    when: not monit_containerized
+
+  - name: restart monit
+    command: /usr/bin/s6-svc -r /var/run/s6/services/monit
+    when: monit_containerized
--- a/roles/monit/tasks/dispatcher.yml
+++ b/roles/monit/tasks/dispatcher.yml
@ -0,0 +1,42 @@
+---
+  - name: Gather instance facts
+    setup:
+  - block:
+    - name: Setup monitrc
+      template:
+        src: monitrc-dispatcher
+        dest: "/opt/monit/monitrc"
+        owner: root
+        group: root
+        mode: 0600
+      notify:
+        - restart monit
+      tags:
+        - monit-config
+    - name: Setup filesystem monitoring
+      template:
+        src: filesystem
+        dest: "/opt/monit/conf.d/{{item.name}}"
+        owner: root
+        group: root
+        mode: 0600
+      loop:
+        "{{ monit_filesystems }}"
+      notify:
+        - restart monit
+      tags:
+        - monit-config
+        - monit-filesystems
+    - name: Setup wireguard monitoring
+      template:
+        src: wireguard-dispatcher
+        dest: "/opt/monit/conf.d/wireguard"
+        owner: root
+        group: root
+        mode: 0600
+      when: monit_wireguard
+      notify:
+        - restart monit
+      tags:
+        - monit-config
+        - monit-wireguard
--- a/roles/monit/tasks/frame.yml
+++ b/roles/monit/tasks/frame.yml
@ -0,0 +1,79 @@
+---
+  - name: Gather instance facts
+    setup:
+  - name: Update APT package cache
+    apt:
+      update_cache: "true"
+      cache_valid_time: "3600"
+    tags:
+      - monit-install
+  - name: Install monit
+    package:
+      name: "{{ packages }}"
+      state: present
+    vars:
+      packages:
+        - monit
+    tags:
+      - monit-install
+  - block:
+    - name: Setup monitrc
+      template:
+        src: monitrc
+        dest: "/etc/monit/monitrc"
+        owner: root
+        group: root
+        mode: 0600
+      notify:
+        - restart monit
+      tags:
+        - monit-config
+    - name: Setup filesystem monitoring
+      template:
+        src: filesystem
+        dest: "/etc/monit/conf.d/{{item.name}}"
+        owner: root
+        group: root
+        mode: 0600
+      loop:
+        "{{ monit_filesystems }}"
+      notify:
+        - restart monit
+      tags:
+        - monit-config
+        - monit-filesystems
+    - name: Setup wireguard monitoring
+      template:
+        src: wireguard
+        dest: "/etc/monit/conf.d/wireguard"
+        owner: root
+        group: root
+        mode: 0600
+      when: monit_wireguard
+      notify:
+        - restart monit
+      tags:
+        - monit-config
+        - monit-wireguard
+    - name: Setup slideshow monitoring
+      template:
+        src: fim
+        dest: "/etc/monit/conf.d/fim"
+        owner: root
+        group: root
+        mode: 0600
+      notify:
+        - restart monit
+      tags:
+        - monit-config
+        - monit-fim
+    - name: Setup firewall rule
+      firewalld:
+        port: 2812/tcp
+        zone: public
+        permanent: yes
+        state: enabled
+        immediate: yes
+      tags:
+        - monit-config
+  
--- a/roles/monit/tasks/main.yml
+++ b/roles/monit/tasks/main.yml
@ -1,78 +1,5 @@
 ---
-  - name: Gather instance facts
-    setup:
-  - name: Update APT package cache
-    apt:
-      update_cache: "true"
-      cache_valid_time: "3600"
-    tags:
-        - monit-install
-  - name: Install monit
-    package:
-      name: "{{ packages }}"
-      state: present
-    vars:
-      packages:
-        - monit
-    tags:
-      - monit-install
-  - block:
-    - name: Setup monitrc
-      template:
-        src: monitrc
-        dest: "/etc/monit/monitrc"
-        owner: root
-        group: root
-        mode: 0600
-      notify:
-        - restart monit
-      tags:
-        - monit-config
-    - name: Setup filesystem monitoring
-      template:
-        src: filesystem
-        dest: "/etc/monit/conf.d/{{item.name}}"
-        owner: root
-        group: root
-        mode: 0600
-      loop:
-        "{{ monit_filesystems }}"
-      notify:
-        - restart monit
-      tags:
-        - monit-config
-        - monit-filesystems
-    - name: Setup wireguard monitoring
-      template:
-        src: wireguard
-        dest: "/etc/monit/conf.d/wireguard"
-        owner: root
-        group: root
-        mode: 0600
-      when: monit_wireguard
-      notify:
-        - restart monit
-      tags:
-        - monit-config
-        - monit-wireguard
-    - name: Setup slideshow monitoring
-      template:
-        src: fim
-        dest: "/etc/monit/conf.d/fim"
-        owner: root
-        group: root
-        mode: 0600
-      notify:
-        - restart monit
-      tags:
-        - monit-config
-        - monit-fim
-    - name: Setup firewall rule
-      firewalld:
-        port: 2812/tcp
-        zone: public
-        permanent: yes
-        state: enabled
-        immediate: yes
-      tags:
-        - monit-config
+  - include_tasks: "frame.yml"
+    when: not monit_containerized
+  - include_tasks: "dispatcher.yml"
+    when: monit_containerized
--- a/roles/monit/templates/monitrc
+++ b/roles/monit/templates/monitrc
@ -15,4 +15,3 @@ set httpd port 2812 and
    allow {{ monit_web_user }}:{{ monit_web_pasword }}

 include /etc/monit/conf.d/*
-include /etc/monit/conf-enabled/*
--- a/roles/monit/templates/monitrc-dispatcher
+++ b/roles/monit/templates/monitrc-dispatcher
@ -0,0 +1,17 @@
+set daemon 120
+set log /opt/monit/monit.log
+set idfile /opt/monit/id
+set statefile /opt/monit/state
+set eventqueue
+    basedir /opt/monit/events # set the base directory where events will be stored
+    slots 100                     # optionally limit the queue size
+
+set mailserver {{ monit_smtp_server }} port 587
+    username "{{ monit_smtp_user }}" password "{{ monit_smtp_password }}"
+    using tls
+
+set httpd port 2812 and
+    use address 0.0.0.0
+    allow ${CONFIG_MONIT_USER}:${CONFIG_MONIT_PASS}
+
+include /opt/monit/conf.d/*
--- a/roles/monit/templates/wireguard-dispatcher
+++ b/roles/monit/templates/wireguard-dispatcher
@ -0,0 +1,5 @@
+check host wireguard address {{ monit_wireguard_ip }}
+    start program = "/usr/bin/s6-svc -u /var/run/s6/services/wireguard"
+    stop program = "/usr/bin/s6-svc -d /var/run/s6/services/wireguard"
+    if failed ping then alert
+    if failed ping for 5 cycles then restart