Add munin-node, munin, rtty, additional options for wireguard, dispatcher-dashboard

KemoNine 2020-08-10 19:49:09 -04:00
parent 9880db4101
commit f811c59816
20 changed files with 256 additions and 4 deletions


@ -12,11 +12,10 @@ For now the goal of this code is to get a basic WireGuard deployment going for t
- Use ```deploy-software-updates.sh``` to update software on all frames - Use ```deploy-software-updates.sh``` to update software on all frames
- Use ```deploy-wireguard.sh``` to deploy wireguard on the dispatcher + all frames - Use ```deploy-wireguard.sh``` to deploy wireguard on the dispatcher + all frames
- Be sure to update frame IP address after running this so ansible uses the wireguard vpn instead of naked IP address - Be sure to update frame IP address after running this so ansible uses the wireguard vpn instead of naked IP address
- Use ```setup-additional-wireguard-client.sh``` to create a wireguard config for a non-frame host (like your laptop/desktop used to manage a fleet of frames via the dispatcher)
- Use ```deploy-dispatchers.sh``` to deploy dispatcher config (this is to fine-tune setup to include the frames)
- Use ```deploy-frames.sh``` to deploy frame configuration (this is a limited subset of config from the docs) - Use ```deploy-frames.sh``` to deploy frame configuration (this is a limited subset of config from the docs)
- Monit - See ```inventory.example``` and the ```host_vars``` directory for necessary config and layout of groups for the various ansible playbooks to work properly
- msmtprc / aliases
- Scheduled hdmi on/off
- See ```inventory.example``` for necessary config and layout of groups for the various ansible playbooks to work properly
# Licensing # Licensing


@ -17,3 +17,4 @@ monit_web_user: "admin"
monit_web_pasword: "password" monit_web_pasword: "password"
rttys_http_username: "admin" rttys_http_username: "admin"
rttys_http_pass: "password" rttys_http_pass: "password"
dispatcher_dashboard_ip: 192.168.254.1


@ -14,3 +14,5 @@ monit_filesystems:
- "/tank" - "/tank"
monit_web_user: "admin" monit_web_user: "admin"
monit_web_pasword: "password" monit_web_pasword: "password"
munin_address: 192.168.254.11
dispatcher_dashboard_ip: 192.168.254.11


@ -15,6 +15,8 @@ frames:
frame_timezone: UTC frame_timezone: UTC
monit_wireguard: true monit_wireguard: true
monit_wireguard_ip: 192.168.254.1 monit_wireguard_ip: 192.168.254.1
rtty_server: 192.168.254.1
munin_server: 192.168.254.1
wg: wg:
hosts: hosts:
frame1: frame1:


@ -6,3 +6,5 @@
- rttys - rttys
- monit - monit
- monit-dashboard - monit-dashboard
- munin
- dispatcher-dashboard


@ -5,6 +5,8 @@
- msmtp - msmtp
- hdmi - hdmi
- monit - monit
- munin-node
- rtty
tasks: tasks:
- name: Setup timezone - name: Setup timezone
timezone: timezone:


@ -0,0 +1,14 @@
---
- name: Gather instance facts
setup:
- block:
- name: Setup dispatcher-dashboard
template:
src: index.html
dest: "/opt/dashboard/www/index.html"
owner: munin
group: munin
mode: 0600
with_items: groups['frames']
tags:
- dispatcher-dashboard-config
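Review bot: `with_items: groups['frames']` on the template task is a bare string rather than a Jinja expression, and the task never references `item`, so the loop contributes nothing; drop the line and let the template iterate over `groups['frames']` itself, as it already does. The same line appears on the "Setup munin" template task in the munin role's tasks file. Both tasks also write `mode: 0600` unquoted; quote it as `mode: "0600"` so the value does not depend on the YAML loader's octal handling. With owner `munin` and mode 0600 the page is readable only by that user, so whatever serves `/opt/dashboard/www` has to run as `munin`; a short comment stating that would help.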


@ -0,0 +1,19 @@
<html>
<head>
<title>PiFrameFleet</title>
</head>
<body>
<p><a href="http://{{ dispatcher_dashboard_ip }}:5913">Command Line</a></p>
<p><a href="http://{{ dispatcher_dashboard_ip }}:2811">Monit Monitoring</a></p>
<p><a href="http://{{ dispatcher_dashboard_ip }}:2813">Munin Monitoring</a></p>
<p><a href="http://{{ dispatcher_dashboard_ip }}:9191">Picture File Browser</a></p>
<p>Syncthing Admin Interfaces</p>
<ul>
<li><a href="http://{{ dispatcher_dashboard_ip }}:8384">dispatcher</a></li>
{% for frame in groups['frames'] %}
<li><a href="http://{{ hostvars[frame].dispatcher_dashboard_ip }}:8384">{{ hostvars[frame].inventory_hostname }}</a></li>
</ul>
</body>
</html>
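Review bot: The `{% for frame in groups['frames'] %}` loop is never closed in the lines shown, so Jinja would reject the template at render time; add `{% endfor %}` after the per-frame `<li>` line and before `</ul>`. The hunk header counts 19 lines and fewer are visible here, so confirm the tag was not simply lost in rendering. Every link is plain `http://`, which is acceptable only while these addresses are reachable solely through the WireGuard tunnel; a comment at the top of the template saying so would make that assumption explicit.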


@ -0,0 +1,2 @@
---
munin_server: 192.168.254.1


@ -0,0 +1,6 @@
---
- name: restart munin-node
systemd:
name: "munin-node"
state: "restarted"


@ -0,0 +1,47 @@
---
- name: Gather instance facts
setup:
- name: Update APT package cache
apt:
update_cache: "true"
cache_valid_time: "3600"
tags:
- munin-node-install
- name: Install dependencies
package:
name: "{{ packages }}"
state: present
vars:
packages:
- munin-node
tags:
- munin-node-install
- name: Remove main munin process
apt:
name: "{{ packages }}"
state: absent
purge: yes
vars:
packages:
- munin
tags:
- munin-node-install
- block:
- name: Allow dispatcher to connect to munin-node
lineinfile:
line: "cidr_allow {{ munin_server }}/32"
path: "/etc/munin/munin-node.conf"
state: present
notify: restart munin-node
tags:
- munin-node-config
- name: Setup firewall rule
firewalld:
port: 4949/tcp
zone: public
permanent: yes
state: enabled
immediate: yes
tags:
- munin-node-config
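Review bot: The "Setup firewall rule" task opens 4949/tcp to every source in the `public` zone, so the only restriction on who may query munin-node is the `cidr_allow` line in munin-node.conf. Scoping the firewall rule to the dispatcher as well gives a second layer, for example by replacing `port: 4949/tcp` with `rich_rule: 'rule family="ipv4" source address="{{ munin_server }}/32" port port="4949" protocol="tcp" accept'`. The truthy values `purge: yes`, `permanent: yes` and `immediate: yes` would read more consistently as `true`, and `update_cache: "true"` as an unquoted boolean.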


@ -0,0 +1,3 @@
---
- name: generate munin graphs
command: su - munin --shell=/bin/bash munin-cron
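Review bot: The handler runs `munin-cron` with no configuration argument, while the role's template task writes the config to `/opt/munin/munin.conf`; unless `/etc/munin/munin.conf` is linked there outside this commit, the run would presumably use the packaged config instead of the generated one. Switching users through `su - munin --shell=/bin/bash munin-cron` also relies on su handing the trailing word to bash as a script name; `become: true` with `become_user: munin` and `command: munin-cron` states the intent directly and lets Ansible report the failure cleanly.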


@ -0,0 +1,16 @@
---
- name: Gather instance facts
setup:
- block:
- name: Setup munin
template:
src: munin.conf
dest: "/opt/munin/munin.conf"
owner: munin
group: munin
mode: 0600
with_items: groups['frames']
notify:
- generate munin graphs
tags:
- munin-config


@ -0,0 +1,17 @@
dbdir /opt/munin/db
htmldir /opt/munin/www
logdir /opt/munin/log
rundir /opt/munin/run
cgitmpdir /opt/munin/cgi-tmp
graph_strategy cron
html_strategy cron
[dispatcher]
address 127.0.0.1
use_node_name yes
{% for frame in groups['frames'] %}
[frames;{{ hostvars[frame].inventory_hostname }}]
address {{ hostvars[frame].munin_address }}
use_node_name yes
{% endfor %}


@ -0,0 +1,2 @@
---
rtty_server: 192.168.254.1


@ -0,0 +1,5 @@
---
- name: restart rtty
systemd:
name: "rtty"
state: "restarted"

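--- a/roles/rtty/tasks/main.yml
+++ b/roles/rtty/tasks/main.yml
@@ -0,0 +1,65 @@
+---
+- name: Gather instance facts
+setup:
+- name: Update APT package cache
+apt:
+update_cache: "true"
+cache_valid_time: "3600"
+tags:
+- rtty-install
+- name: Install dependencies
+package:
+name: "{{ packages }}"
+state: present
+vars:
+packages:
+- libev4
+- build-essential
+- cmake
+- libev-dev
+- libssl-dev
+tags:
+- rtty-install
+- block:
+- name: Clone Sources
+shell:
+cmd: git clone --recursive https://github.com/zhaojh329/rtty.git /opt/rtty
+creates: /opt/rtty/.git
+tags:
+- rtty-install
+- name: Update sources
+shell:
+cmd: git pull
+chdir: /opt/rtty
+tags:
+- rtty-install
+- name: Prep sources
+shell:
+cmd: mkdir /opt/rtty/build
+creates: /opt/rtty/build
+tags:
+- rtty-install
+- name: Build sources
+shell: |
+cd /opt/rtty/build && \
+cmake .. && \
+make install
+tags:
+- rtty-install
+- block:
+- name: Setup rtty service
+template:
+src: rtty.service
+dest: "/etc/systemd/system/rtty.service"
+owner: root
+group: root
+mode: 0600
+notify:
+- restart rtty
+tags:
+- rtty-config
+- name: restart rtty
+systemd:
+name: "rtty"
+enabled: "true"
+daemon_reload: yes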
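Review bot: The "Clone Sources" and "Update sources" tasks fetch whatever the upstream default branch holds at run time, and "Build sources" then compiles and installs it with the play's privileges on every frame, so an upstream change reaches the whole fleet without review. Replace the two shell tasks with the `git` module pinned to a reviewed tag or commit, as sketched below; `rtty_version` is a placeholder variable name. "Build sources" also has no `creates:` guard, so it rebuilds on every run, and the final task is named "restart rtty" although it only enables the unit and reloads systemd.

```yaml
- name: Clone sources at a pinned revision
  git:
    repo: https://github.com/zhaojh329/rtty.git
    dest: /opt/rtty
    # placeholder variable: set to a reviewed tag or commit hash
    version: "{{ rtty_version }}"
    recursive: true
  tags:
    - rtty-install
# … unchanged: Prep sources, Build sources …
```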


@ -0,0 +1,10 @@
[Unit]
Description=rtty
After=network.target
[Service]
PrivateTmp=true
ExecStart=/usr/local/bin/rtty -I {{ inventory_hostname }} -h {{ rtty_server }} -a -f root
[Install]
WantedBy=multi-user.target
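Review bot: `-f root` on the ExecStart line, as I understand the rtty option, skips the device-side login and opens sessions as root, so access to a root shell on every frame rests entirely on the rttys web login. No device token (`-t`) is passed either, so the server has no way to tell a genuine frame from another client registering under the same ID. Consider an unprivileged account for `-f` (or dropping the flag) and adding `-t {{ rtty_token }}` sourced from a vaulted variable; `rtty_token` is a placeholder name. Since `-s` is not set, transport protection appears to depend on `rtty_server` being a WireGuard address, which deserves a comment in the unit.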


@ -68,3 +68,11 @@ Endpoint = {{host}}:{{wireguard_port}}
{% endif %} {% endif %}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{% for host in wg_additional_host_keys %}
[Peer]
# {{hostvars[host].name}}
PublicKey = {{hostvars[host].public_key}}
AllowedIPs = {{hostvars[host].wireguard_ip}}/32
PersistentKeepalive = {{hostvars[host].wireguard_persistent_keepalive}}
{% endfor %}
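Review bot: The new loop looks each entry up as `hostvars[host]`, but the helper script added in this commit tells the operator to define `wg_additional_host_keys` as a list of mappings with `name`, `public_key` and `wireguard_ip` keys, in which case `host` is already the mapping and the lookup would fail. If that layout is the intended one, read the fields directly, e.g. `PublicKey = {{ host.public_key }}` and `AllowedIPs = {{ host.wireguard_ip }}/32`. The loop also errors on any host that does not define the variable; `{% for host in wg_additional_host_keys | default([]) %}` keeps existing inventories rendering.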


@ -0,0 +1,30 @@
#!/bin/bash
WG_KEY_SERVER=$(wg showconf wg0 | grep PrivateKey | awk '{ print $3 }' | wg pubkey)
WG_KEY_PRIVATE=$(wg genkey)
WG_KEY_PUBLIC=$(echo $WG_KEY_PRIVATE | wg pubkey)
echo "
----------
Update the name and ip below and then add to the 'host_vars/dispatcher' file
wg_additional_host_keys:
- name: name
public_key: $WG_KEY_PUBLIC
wireguard_ip: 192.168.254.n
wireguard_persistent_keepalive: 30
----------
Use the following wireguard config on the new client
Update the server endpoint IP in Peer and the Interface Address
[Interface]
PrivateKey = $WG_KEY_PRIVATE
ListenPort = 51820
Address = 192.168.254.n/32
[Peer]
PublicKey = $WG_KEY_SERVER
AllowedIPs = 192.168.254.0/24
Endpoint = ip:51821
PersistentKeepalive = 30
----------
"
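Review bot: `WG_KEY_SERVER` is derived by pulling the server's private key out of `wg showconf wg0` and piping it through `wg pubkey`; `WG_KEY_SERVER=$(wg show wg0 public-key)` returns the same value without the private key passing through the pipeline. The client's private key is generated on the dispatcher and echoed to the terminal, so it lands in scrollback and any session log; a comment at the top should say so, or the script could print only the public half and leave key generation to the client. `echo $WG_KEY_PRIVATE` should be quoted as `echo "$WG_KEY_PRIVATE"`. The printed client config uses `ListenPort = 51820` but `Endpoint = ip:51821`; if the difference is intentional a one-line comment would prevent a later "fix".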