Browse Source

Add munin-node, munin, rtty, additional options for wireguard, dispatcher-dashboard

master
KemoNine 1 year ago
parent
commit
f811c59816
  1. 7
      README.md
  2. 1
      host_vars/dispatcher.example
  3. 2
      host_vars/frame1.example
  4. 2
      inventory.example
  5. 2
      playbook-dispatchers.yml
  6. 2
      playbook-frames.yml
  7. 14
      roles/dispatcher-dashboard/tasks/main.yml
  8. 19
      roles/dispatcher-dashboard/templates/index.html
  9. 2
      roles/munin-node/defaults/main.yml
  10. 6
      roles/munin-node/handlers/main.yml
  11. 47
      roles/munin-node/tasks/main.yml
  12. 3
      roles/munin/handlers/main.yml
  13. 16
      roles/munin/tasks/main.yml
  14. 17
      roles/munin/templates/munin.conf
  15. 2
      roles/rtty/defaults/main.yml
  16. 5
      roles/rtty/handlers/main.yml
  17. 65
      roles/rtty/tasks/main.yml
  18. 10
      roles/rtty/templates/rtty.service
  19. 8
      roles/wireguard/templates/wg.conf.j2
  20. 30
      setup-additional-wireguard-client.sh

7
README.md

@ -12,11 +12,10 @@ For now the goal of this code is to get a basic WireGuard deployment going for t
- Use ```deploy-software-updates.sh``` to update software on all frames
- Use ```deploy-wireguard.sh``` to deploy wireguard on the dispatcher + all frames
- Be sure to update frame IP address after running this so ansible uses the wireguard vpn instead of naked IP address
- Use ```setup-additional-wireguard-client.sh``` to create a wireguard config for a non-frame host (like your laptop/desktop used to manage a fleet of frames via the dispatcher)
- Use ```deploy-dispatchers.sh``` to deploy dispatcher config (this is to fine-tune setup to include the frames)
- Use ```deploy-frames.sh``` to deploy frame configuration (this is a limited subset of config from the docs)
- Monit
- msmtprc / aliases
- Scheduled hdmi on/off
- See ```inventory.example``` for necessary config and layout of groups for the various ansible playbooks to work properly
- See ```inventory.example``` and the ```host_vars``` directory for necessary config and layout of groups for the various ansible playbooks to work properly
# Licensing

1
host_vars/dispatcher.example

@ -17,3 +17,4 @@ monit_web_user: "admin"
monit_web_pasword: "password"
rttys_http_username: "admin"
rttys_http_pass: "password"
dispatcher_dashboard_ip: 192.168.254.1

2
host_vars/frame1.example

@ -14,3 +14,5 @@ monit_filesystems:
- "/tank"
monit_web_user: "admin"
monit_web_pasword: "password"
munin_address: 192.168.254.11
dispatcher_dashboard_ip: 192.168.254.11

2
inventory.example

@ -15,6 +15,8 @@ frames:
frame_timezone: UTC
monit_wireguard: true
monit_wireguard_ip: 192.168.254.1
rtty_server: 192.168.254.1
munin_server: 192.168.254.1
wg:
hosts:
frame1:

2
playbook-dispatchers.yml

@ -6,3 +6,5 @@
- rttys
- monit
- monit-dashboard
- munin
- dispatcher-dashboard

2
playbook-frames.yml

@ -5,6 +5,8 @@
- msmtp
- hdmi
- monit
- munin-node
- rtty
tasks:
- name: Setup timezone
timezone:

14
roles/dispatcher-dashboard/tasks/main.yml

@ -0,0 +1,14 @@
---
- name: Gather instance facts
setup:
- block:
- name: Setup dispatcher-dashboard
template:
src: index.html
dest: "/opt/dashboard/www/index.html"
owner: munin
group: munin
mode: 0600
with_items: groups['frames']
tags:
- dispatcher-dashboard-config

19
roles/dispatcher-dashboard/templates/index.html

@ -0,0 +1,19 @@
<html>
<head>
<title>PiFrameFleet</title>
</head>
<body>
<p><a href="http://{{ dispatcher_dashboard_ip }}:5913">Command Line</a></p>
<p><a href="http://{{ dispatcher_dashboard_ip }}:2811">Monit Monitoring</a></p>
<p><a href="http://{{ dispatcher_dashboard_ip }}:2813">Munin Monitoring</a></p>
<p><a href="http://{{ dispatcher_dashboard_ip }}:9191">Picture File Browser</a></p>
<p>Syncthing Admin Interfaces</p>
<ul>
<li><a href="http://{{ dispatcher_dashboard_ip }}:8384">dispatcher</a></li>
{% for frame in groups['frames'] %}
<li><a href="http://{{ hostvars[frame].dispatcher_dashboard_ip }}:8384">{{ hostvars[frame].inventory_hostname }}</a></li>
</ul>
</body>
</html>

2
roles/munin-node/defaults/main.yml

@ -0,0 +1,2 @@
---
munin_server: 192.168.254.1

6
roles/munin-node/handlers/main.yml

@ -0,0 +1,6 @@
---
- name: restart munin-node
systemd:
name: "munin-node"
state: "restarted"

47
roles/munin-node/tasks/main.yml

@ -0,0 +1,47 @@
---
- name: Gather instance facts
setup:
- name: Update APT package cache
apt:
update_cache: "true"
cache_valid_time: "3600"
tags:
- munin-node-install
- name: Install dependencies
package:
name: "{{ packages }}"
state: present
vars:
packages:
- munin-node
tags:
- munin-node-install
- name: Remove main munin process
apt:
name: "{{ packages }}"
state: absent
purge: yes
vars:
packages:
- munin
tags:
- munin-node-install
- block:
- name: Allow dispatcher to connect to munin-node
lineinfile:
line: "cidr_allow {{ munin_server }}/32"
path: "/etc/munin/munin-node.conf"
state: present
notify: restart munin-node
tags:
- munin-node-config
- name: Setup firewall rule
firewalld:
port: 4949/tcp
zone: public
permanent: yes
state: enabled
immediate: yes
tags:
- munin-node-config

3
roles/munin/handlers/main.yml

@ -0,0 +1,3 @@
---
- name: generate munin graphs
command: su - munin --shell=/bin/bash munin-cron

16
roles/munin/tasks/main.yml

@ -0,0 +1,16 @@
---
- name: Gather instance facts
setup:
- block:
- name: Setup munin
template:
src: munin.conf
dest: "/opt/munin/munin.conf"
owner: munin
group: munin
mode: 0600
with_items: groups['frames']
notify:
- generate munin graphs
tags:
- munin-config

17
roles/munin/templates/munin.conf

@ -0,0 +1,17 @@
dbdir /opt/munin/db
htmldir /opt/munin/www
logdir /opt/munin/log
rundir /opt/munin/run
cgitmpdir /opt/munin/cgi-tmp
graph_strategy cron
html_strategy cron
[dispatcher]
address 127.0.0.1
use_node_name yes
{% for frame in groups['frames'] %}
[frames;{{ hostvars[frame].inventory_hostname }}]
address {{ hostvars[frame].munin_address }}
use_node_name yes
{% endfor %}

2
roles/rtty/defaults/main.yml

@ -0,0 +1,2 @@
---
rtty_server: 192.168.254.1

5
roles/rtty/handlers/main.yml

@ -0,0 +1,5 @@
---
- name: restart rtty
systemd:
name: "rtty"
state: "restarted"

65
roles/rtty/tasks/main.yml

@ -0,0 +1,65 @@
---
- name: Gather instance facts
setup:
- name: Update APT package cache
apt:
update_cache: "true"
cache_valid_time: "3600"
tags:
- rtty-install
- name: Install dependencies
package:
name: "{{ packages }}"
state: present
vars:
packages:
- libev4
- build-essential
- cmake
- libev-dev
- libssl-dev
tags:
- rtty-install
- block:
- name: Clone Sources
shell:
cmd: git clone --recursive https://github.com/zhaojh329/rtty.git /opt/rtty
creates: /opt/rtty/.git
tags:
- rtty-install
- name: Update sources
shell:
cmd: git pull
chdir: /opt/rtty
tags:
- rtty-install
- name: Prep sources
shell:
cmd: mkdir /opt/rtty/build
creates: /opt/rtty/build
tags:
- rtty-install
- name: Build sources
shell: |
cd /opt/rtty/build && \
cmake .. && \
make install
tags:
- rtty-install
- block:
- name: Setup rtty service
template:
src: rtty.service
dest: "/etc/systemd/system/rtty.service"
owner: root
group: root
mode: 0600
notify:
- restart rtty
tags:
- rtty-config
- name: restart rtty
systemd:
name: "rtty"
enabled: "true"
daemon_reload: yes

10
roles/rtty/templates/rtty.service

@ -0,0 +1,10 @@
[Unit]
Description=rtty
After=network.target
[Service]
PrivateTmp=true
ExecStart=/usr/local/bin/rtty -I {{ inventory_hostname }} -h {{ rtty_server }} -a -f root
[Install]
WantedBy=multi-user.target

8
roles/wireguard/templates/wg.conf.j2

@ -68,3 +68,11 @@ Endpoint = {{host}}:{{wireguard_port}}
{% endif %}
{% endif %}
{% endfor %}
{% for host in wg_additional_host_keys %}
[Peer]
# {{hostvars[host].name}}
PublicKey = {{hostvars[host].public_key}}
AllowedIPs = {{hostvars[host].wireguard_ip}}/32
PersistentKeepalive = {{hostvars[host].wireguard_persistent_keepalive}}
{% endfor %}

30
setup-additional-wireguard-client.sh

@ -0,0 +1,30 @@
#!/bin/bash
WG_KEY_SERVER=$(wg showconf wg0 | grep PrivateKey | awk '{ print $3 }' | wg pubkey)
WG_KEY_PRIVATE=$(wg genkey)
WG_KEY_PUBLIC=$(echo $WG_KEY_PRIVATE | wg pubkey)
echo "
----------
Update the name and ip below and then add to the 'host_vars/dispatcher' file
wg_additional_host_keys:
- name: name
public_key: $WG_KEY_PUBLIC
wireguard_ip: 192.168.254.n
wireguard_persistent_keepalive: 30
----------
Use the following wireguard config on the new client
Update the server endpoint IP in Peer and the Interface Address
[Interface]
PrivateKey = $WG_KEY_PRIVATE
ListenPort = 51820
Address = 192.168.254.n/32
[Peer]
PublicKey = $WG_KEY_SERVER
AllowedIPs = 192.168.254.0/24
Endpoint = ip:51821
PersistentKeepalive = 30
----------
"
Loading…
Cancel
Save