split ff_gw::sysadmin class
This commit is contained in:
parent
ba5030ffce
commit
b412e55cfa
|
@ -1,6 +1,5 @@
|
||||||
# kitchen sink class for various small settings
|
# kitchen sink class for various small settings
|
||||||
class ff_gw::sysadmin($zabbixserver = '127.0.0.1', $muninserver = '127.0.0.1', $sethostname = false, $setip = false, $accounts = {}) {
|
class ff_gw::sysadmin($zabbixserver = '127.0.0.1', $muninserver = '127.0.0.1', $sethostname = false, $setip = false, $accounts = {}) {
|
||||||
|
|
||||||
# first of all: fix my hostname
|
# first of all: fix my hostname
|
||||||
if $sethostname and $setip {
|
if $sethostname and $setip {
|
||||||
# set system hostname
|
# set system hostname
|
||||||
|
@ -11,48 +10,7 @@ class ff_gw::sysadmin($zabbixserver = '127.0.0.1', $muninserver = '127.0.0.1', $
|
||||||
}
|
}
|
||||||
|
|
||||||
# next important thing: set up apt repositories
|
# next important thing: set up apt repositories
|
||||||
#
|
class { 'ff_gw::sysadmin::software': }
|
||||||
class { '::apt':
|
|
||||||
always_apt_update => true
|
|
||||||
}
|
|
||||||
# use backports repo
|
|
||||||
apt::source { 'wheezy-backports':
|
|
||||||
location => 'http://ftp.de.debian.org/debian/',
|
|
||||||
release => 'wheezy-backports',
|
|
||||||
repos => 'main',
|
|
||||||
}
|
|
||||||
# batman repo
|
|
||||||
apt::source { 'universe-factory':
|
|
||||||
location => 'http://repo.universe-factory.net/debian/',
|
|
||||||
release => 'sid',
|
|
||||||
repos => 'main',
|
|
||||||
key => '16EF3F64CB201D9C',
|
|
||||||
key_server => 'pool.sks-keyservers.net',
|
|
||||||
}
|
|
||||||
# bird repo // TODO: no PGP key
|
|
||||||
apt::source { 'bird-network':
|
|
||||||
location => 'http://bird.network.cz/debian/',
|
|
||||||
release => 'wheezy',
|
|
||||||
repos => 'main',
|
|
||||||
}
|
|
||||||
|
|
||||||
# then install some basic packages
|
|
||||||
package {
|
|
||||||
['vim-nox', 'git', 'etckeeper', 'pv', 'curl', 'atop',
|
|
||||||
'screen', 'tcpdump', 'rsync', 'file', 'psmisc', 'ntpdate']:
|
|
||||||
ensure => installed,
|
|
||||||
}
|
|
||||||
->
|
|
||||||
# remove atop cronjob
|
|
||||||
file { '/etc/cron.d/atop':
|
|
||||||
ensure => absent,
|
|
||||||
}
|
|
||||||
->
|
|
||||||
# stop atop daemon (cf. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506191)
|
|
||||||
service { 'atop':
|
|
||||||
ensure => stopped,
|
|
||||||
enable => false,
|
|
||||||
}
|
|
||||||
|
|
||||||
cron {
|
cron {
|
||||||
'ntpdate-debian':
|
'ntpdate-debian':
|
||||||
|
@ -85,129 +43,11 @@ class ff_gw::sysadmin($zabbixserver = '127.0.0.1', $muninserver = '127.0.0.1', $
|
||||||
enable => true,
|
enable => true,
|
||||||
}
|
}
|
||||||
|
|
||||||
# zabbix
|
class { 'ff_gw::sysadmin::zabbix':
|
||||||
apt::source { 'zabbix':
|
zabbixserver => $zabbixserver,
|
||||||
location => 'http://repo.zabbix.com/zabbix/2.2/debian',
|
|
||||||
release => 'wheezy',
|
|
||||||
repos => 'main',
|
|
||||||
key => '79EA5ED4',
|
|
||||||
key_server => 'pgpkeys.mit.edu',
|
|
||||||
}
|
}
|
||||||
->
|
class { 'ff_gw::sysadmin::munin':
|
||||||
package { 'zabbix-agent':
|
muninserver => $muninserver,
|
||||||
ensure => latest;
|
|
||||||
}
|
|
||||||
->
|
|
||||||
file { '/etc/zabbix/zabbix_agentd.d/argos_monitoring.conf':
|
|
||||||
ensure => file,
|
|
||||||
content => "# managed by puppet
|
|
||||||
Server=${zabbixserver}
|
|
||||||
ServerActive=${zabbixserver}
|
|
||||||
HostnameItem=${::hostname}
|
|
||||||
";
|
|
||||||
}
|
|
||||||
~>
|
|
||||||
service { 'zabbix-agent':
|
|
||||||
ensure => running,
|
|
||||||
enable => true,
|
|
||||||
}
|
|
||||||
|
|
||||||
# munin
|
|
||||||
package {
|
|
||||||
[ 'munin-node', 'vnstat', 'bc' ]:
|
|
||||||
ensure => installed,
|
|
||||||
}
|
|
||||||
->
|
|
||||||
file {
|
|
||||||
'/etc/munin/munin-node.conf':
|
|
||||||
ensure => file,
|
|
||||||
# mostly Debin pkg default
|
|
||||||
content => inline_template('# managed by puppet
|
|
||||||
log_level 4
|
|
||||||
log_file /var/log/munin/munin-node.log
|
|
||||||
pid_file /var/run/munin/munin-node.pid
|
|
||||||
|
|
||||||
background 1
|
|
||||||
setsid 1
|
|
||||||
|
|
||||||
user root
|
|
||||||
group root
|
|
||||||
|
|
||||||
# Regexps for files to ignore
|
|
||||||
ignore_file [\#~]$
|
|
||||||
ignore_file DEADJOE$
|
|
||||||
ignore_file \.bak$
|
|
||||||
ignore_file %$
|
|
||||||
ignore_file \.dpkg-(tmp|new|old|dist)$
|
|
||||||
ignore_file \.rpm(save|new)$
|
|
||||||
ignore_file \.pod$
|
|
||||||
|
|
||||||
port 4949
|
|
||||||
|
|
||||||
host_name <%= @fqdn %>
|
|
||||||
cidr_allow <%= @muninserver %>/32
|
|
||||||
host <%= @ipaddress_eth0 %>
|
|
||||||
');
|
|
||||||
'/usr/share/munin/plugins/vnstat_':
|
|
||||||
ensure => file,
|
|
||||||
mode => '0755',
|
|
||||||
source => 'puppet:///modules/ff_gw/usr/share/munin/plugins/vnstat_';
|
|
||||||
'/etc/munin/plugins/vnstat_eth0_monthly_rxtx':
|
|
||||||
ensure => link,
|
|
||||||
target => '/usr/share/munin/plugins/vnstat_';
|
|
||||||
'/usr/share/munin/plugins/udp-statistics':
|
|
||||||
ensure => file,
|
|
||||||
mode => '0755',
|
|
||||||
source => 'puppet:///modules/ff_gw/usr/share/munin/plugins/udp-statistics';
|
|
||||||
'/etc/munin/plugins/udp-statistics':
|
|
||||||
ensure => link,
|
|
||||||
target => '/usr/share/munin/plugins/udp-statistics';
|
|
||||||
'/usr/share/munin/plugins/dhcp-pool':
|
|
||||||
ensure => file,
|
|
||||||
mode => '0755',
|
|
||||||
source => 'puppet:///modules/ff_gw/usr/share/munin/plugins/dhcp-pool';
|
|
||||||
'/etc/munin/plugins/dhcp-pool':
|
|
||||||
ensure => link,
|
|
||||||
target => '/usr/share/munin/plugins/dhcp-pool';
|
|
||||||
'/etc/munin/plugin-conf.d/dhcp-pool':
|
|
||||||
ensure => file,
|
|
||||||
content => '[dhcp-pool]
|
|
||||||
env.leasefile /var/lib/dhcp/dhcpd.leases
|
|
||||||
env.conffile /etc/dhcp/dhcpd.conf';
|
|
||||||
'/etc/munin/plugins/if_mullvad':
|
|
||||||
ensure => link,
|
|
||||||
target => '/usr/share/munin/plugins/if_';
|
|
||||||
'/etc/munin/plugins/if_err_mullvad':
|
|
||||||
ensure => link,
|
|
||||||
target => '/usr/share/munin/plugins/if_err_';
|
|
||||||
'/etc/munin/plugins/if_bat0':
|
|
||||||
ensure => link,
|
|
||||||
target => '/usr/share/munin/plugins/if_';
|
|
||||||
'/etc/munin/plugins/if_err_bat0':
|
|
||||||
ensure => link,
|
|
||||||
target => '/usr/share/munin/plugins/if_err_';
|
|
||||||
'/etc/munin/plugins/if_br-ffhh':
|
|
||||||
ensure => link,
|
|
||||||
target => '/usr/share/munin/plugins/if_';
|
|
||||||
'/etc/munin/plugins/if_err_br-ffhh':
|
|
||||||
ensure => link,
|
|
||||||
target => '/usr/share/munin/plugins/if_err_';
|
|
||||||
'/etc/munin/plugins/if_ffhh-mesh-vpn':
|
|
||||||
ensure => link,
|
|
||||||
target => '/usr/share/munin/plugins/if_';
|
|
||||||
'/etc/munin/plugins/if_err_ffhh-mesh-vpn':
|
|
||||||
ensure => link,
|
|
||||||
target => '/usr/share/munin/plugins/if_err_';
|
|
||||||
# TODO: delete not needed plugins
|
|
||||||
'/etc/munin/plugin-conf.d/vnstat':
|
|
||||||
ensure => file,
|
|
||||||
content => '[vnstat_eth0_monthly_rxtx]
|
|
||||||
env.estimate 1';
|
|
||||||
}
|
|
||||||
~>
|
|
||||||
service { 'munin-node':
|
|
||||||
ensure => running,
|
|
||||||
enable => true;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -256,3 +96,48 @@ class ff_gw::sysadmin::hostname($newname, $newip) {
|
||||||
refreshonly => true,
|
refreshonly => true,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# everything related to apt-repos and default tools
|
||||||
|
class ff_gw::sysadmin::software() {
|
||||||
|
class { '::apt':
|
||||||
|
always_apt_update => true
|
||||||
|
}
|
||||||
|
# use backports repo
|
||||||
|
apt::source { 'wheezy-backports':
|
||||||
|
location => 'http://ftp.de.debian.org/debian/',
|
||||||
|
release => 'wheezy-backports',
|
||||||
|
repos => 'main',
|
||||||
|
}
|
||||||
|
# batman repo
|
||||||
|
apt::source { 'universe-factory':
|
||||||
|
location => 'http://repo.universe-factory.net/debian/',
|
||||||
|
release => 'sid',
|
||||||
|
repos => 'main',
|
||||||
|
key => '16EF3F64CB201D9C',
|
||||||
|
key_server => 'pool.sks-keyservers.net',
|
||||||
|
}
|
||||||
|
# bird repo // TODO: no PGP key
|
||||||
|
apt::source { 'bird-network':
|
||||||
|
location => 'http://bird.network.cz/debian/',
|
||||||
|
release => 'wheezy',
|
||||||
|
repos => 'main',
|
||||||
|
}
|
||||||
|
|
||||||
|
# then install some basic packages
|
||||||
|
package {
|
||||||
|
['vim-nox', 'git', 'etckeeper', 'pv', 'curl', 'atop',
|
||||||
|
'screen', 'tcpdump', 'rsync', 'file', 'psmisc', 'ntpdate']:
|
||||||
|
ensure => installed,
|
||||||
|
}
|
||||||
|
->
|
||||||
|
# remove atop cronjob
|
||||||
|
file { '/etc/cron.d/atop':
|
||||||
|
ensure => absent,
|
||||||
|
}
|
||||||
|
->
|
||||||
|
# stop atop daemon (cf. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506191)
|
||||||
|
service { 'atop':
|
||||||
|
ensure => stopped,
|
||||||
|
enable => false,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
99
manifests/sysadmin/munin.pp
Normal file
99
manifests/sysadmin/munin.pp
Normal file
|
@ -0,0 +1,99 @@
|
||||||
|
# munin config
|
||||||
|
class ff_gw::sysadmin::munin($muninserver) {
|
||||||
|
package {
|
||||||
|
[ 'munin-node', 'vnstat', 'bc' ]:
|
||||||
|
ensure => installed,
|
||||||
|
}
|
||||||
|
->
|
||||||
|
file {
|
||||||
|
'/etc/munin/munin-node.conf':
|
||||||
|
ensure => file,
|
||||||
|
# mostly Debin pkg default
|
||||||
|
content => inline_template('# managed by puppet
|
||||||
|
log_level 4
|
||||||
|
log_file /var/log/munin/munin-node.log
|
||||||
|
pid_file /var/run/munin/munin-node.pid
|
||||||
|
|
||||||
|
background 1
|
||||||
|
setsid 1
|
||||||
|
|
||||||
|
user root
|
||||||
|
group root
|
||||||
|
|
||||||
|
# Regexps for files to ignore
|
||||||
|
ignore_file [\#~]$
|
||||||
|
ignore_file DEADJOE$
|
||||||
|
ignore_file \.bak$
|
||||||
|
ignore_file %$
|
||||||
|
ignore_file \.dpkg-(tmp|new|old|dist)$
|
||||||
|
ignore_file \.rpm(save|new)$
|
||||||
|
ignore_file \.pod$
|
||||||
|
|
||||||
|
port 4949
|
||||||
|
|
||||||
|
host_name <%= @fqdn %>
|
||||||
|
cidr_allow <%= @muninserver %>/32
|
||||||
|
host <%= @ipaddress_eth0 %>
|
||||||
|
');
|
||||||
|
'/usr/share/munin/plugins/vnstat_':
|
||||||
|
ensure => file,
|
||||||
|
mode => '0755',
|
||||||
|
source => 'puppet:///modules/ff_gw/usr/share/munin/plugins/vnstat_';
|
||||||
|
'/etc/munin/plugins/vnstat_eth0_monthly_rxtx':
|
||||||
|
ensure => link,
|
||||||
|
target => '/usr/share/munin/plugins/vnstat_';
|
||||||
|
'/usr/share/munin/plugins/udp-statistics':
|
||||||
|
ensure => file,
|
||||||
|
mode => '0755',
|
||||||
|
source => 'puppet:///modules/ff_gw/usr/share/munin/plugins/udp-statistics';
|
||||||
|
'/etc/munin/plugins/udp-statistics':
|
||||||
|
ensure => link,
|
||||||
|
target => '/usr/share/munin/plugins/udp-statistics';
|
||||||
|
'/usr/share/munin/plugins/dhcp-pool':
|
||||||
|
ensure => file,
|
||||||
|
mode => '0755',
|
||||||
|
source => 'puppet:///modules/ff_gw/usr/share/munin/plugins/dhcp-pool';
|
||||||
|
'/etc/munin/plugins/dhcp-pool':
|
||||||
|
ensure => link,
|
||||||
|
target => '/usr/share/munin/plugins/dhcp-pool';
|
||||||
|
'/etc/munin/plugin-conf.d/dhcp-pool':
|
||||||
|
ensure => file,
|
||||||
|
content => '[dhcp-pool]
|
||||||
|
env.leasefile /var/lib/dhcp/dhcpd.leases
|
||||||
|
env.conffile /etc/dhcp/dhcpd.conf';
|
||||||
|
'/etc/munin/plugins/if_mullvad':
|
||||||
|
ensure => link,
|
||||||
|
target => '/usr/share/munin/plugins/if_';
|
||||||
|
'/etc/munin/plugins/if_err_mullvad':
|
||||||
|
ensure => link,
|
||||||
|
target => '/usr/share/munin/plugins/if_err_';
|
||||||
|
'/etc/munin/plugins/if_bat0':
|
||||||
|
ensure => link,
|
||||||
|
target => '/usr/share/munin/plugins/if_';
|
||||||
|
'/etc/munin/plugins/if_err_bat0':
|
||||||
|
ensure => link,
|
||||||
|
target => '/usr/share/munin/plugins/if_err_';
|
||||||
|
'/etc/munin/plugins/if_br-ffhh':
|
||||||
|
ensure => link,
|
||||||
|
target => '/usr/share/munin/plugins/if_';
|
||||||
|
'/etc/munin/plugins/if_err_br-ffhh':
|
||||||
|
ensure => link,
|
||||||
|
target => '/usr/share/munin/plugins/if_err_';
|
||||||
|
'/etc/munin/plugins/if_ffhh-mesh-vpn':
|
||||||
|
ensure => link,
|
||||||
|
target => '/usr/share/munin/plugins/if_';
|
||||||
|
'/etc/munin/plugins/if_err_ffhh-mesh-vpn':
|
||||||
|
ensure => link,
|
||||||
|
target => '/usr/share/munin/plugins/if_err_';
|
||||||
|
# TODO: delete not needed plugins
|
||||||
|
'/etc/munin/plugin-conf.d/vnstat':
|
||||||
|
ensure => file,
|
||||||
|
content => '[vnstat_eth0_monthly_rxtx]
|
||||||
|
env.estimate 1';
|
||||||
|
}
|
||||||
|
~>
|
||||||
|
service { 'munin-node':
|
||||||
|
ensure => running,
|
||||||
|
enable => true;
|
||||||
|
}
|
||||||
|
}
|
28
manifests/sysadmin/zabbix.pp
Normal file
28
manifests/sysadmin/zabbix.pp
Normal file
|
@ -0,0 +1,28 @@
|
||||||
|
# zabbix agent config
|
||||||
|
class ff_gw::sysadmin::zabbix($zabbixserver) {
|
||||||
|
apt::source { 'zabbix':
|
||||||
|
location => 'http://repo.zabbix.com/zabbix/2.2/debian',
|
||||||
|
release => 'wheezy',
|
||||||
|
repos => 'main',
|
||||||
|
key => '79EA5ED4',
|
||||||
|
key_server => 'pgpkeys.mit.edu',
|
||||||
|
}
|
||||||
|
->
|
||||||
|
package { 'zabbix-agent':
|
||||||
|
ensure => latest;
|
||||||
|
}
|
||||||
|
->
|
||||||
|
file { '/etc/zabbix/zabbix_agentd.d/argos_monitoring.conf':
|
||||||
|
ensure => file,
|
||||||
|
content => "# managed by puppet
|
||||||
|
Server=${zabbixserver}
|
||||||
|
ServerActive=${zabbixserver}
|
||||||
|
HostnameItem=${::hostname}
|
||||||
|
";
|
||||||
|
}
|
||||||
|
~>
|
||||||
|
service { 'zabbix-agent':
|
||||||
|
ensure => running,
|
||||||
|
enable => true,
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in a new issue