Compare commits
	
		
			3 commits
		
	
	
		
			2d776d3246
			...
			ff9620ed2a
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| ff9620ed2a | |||
| 0a0ce7e2a5 | |||
| 14dd446fd4 | 
					 7 changed files with 122 additions and 0 deletions
				
			
		|  | @ -42,6 +42,10 @@ table inet filter { | |||
|             packet-too-big, parameter-problem, time-exceeded, | ||||
|         } accept comment "accept some ICMPv6" | ||||
| 
 | ||||
|         iif mgmt0 ip6 hoplimit 255 ip6 nexthdr icmpv6 icmpv6 type { | ||||
|             nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert | ||||
|         } accept comment "accept IPv6 neighbor discovery" | ||||
| 
 | ||||
|         # BGP / BFD sessions | ||||
|         iif lan0 ip6 saddr fe80::/64 accept | ||||
|         iif lan1 ip6 saddr fe80::/64 accept | ||||
|  |  | |||
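Review bot: The neighbor-discovery rule that appears to be new in this hunk accepts `nd-router-advert` on mgmt0 from any source address; `ip6 hoplimit 255` only shows that the sender is on-link. If mgmt0 is statically addressed, router advertisements need not be accepted at all. Otherwise the match can be narrowed, since a valid RA always has a link-local source: `iif mgmt0 ip6 saddr fe80::/10 ip6 hoplimit 255 icmpv6 type nd-router-advert accept`, kept separate from the solicit/advert rule. The file header for this hunk is not on the page and the +/- markers are lost, so which lines are additions is inferred from the `+42,10` count.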
							
								
								
									
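--- a/roles/telegraf/handlers/main.yml
+++ b/roles/telegraf/handlers/main.yml
@@ -0,0 +1,10 @@
+- name: update package cache
+  package:
+    update_cache: yes
+  when: "'handler' not in ansible_skip_tags"
+
+- name: restart telegraf
+  service:
+    name: telegraf
+    state: restarted
+  when: "'handler' not in ansible_skip_tags"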
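Review bot: `update_cache: yes` in the first handler uses a YAML 1.1 truthy word, while debian.yml in the same role writes `enabled: true`; `update_cache: true` keeps the role consistent and satisfies yamllint's `truthy` rule. Both handlers are gated on `'handler' not in ansible_skip_tags` without saying why. If the intent is to let a run suppress handlers, a one-line comment above the first one, such as `# --skip-tags handler suppresses cache refresh and restarts`, would document the convention.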
							
								
								
									
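--- a/roles/telegraf/tasks/debian.yml
+++ b/roles/telegraf/tasks/debian.yml
@@ -0,0 +1,31 @@
+- name: Add influxdb repository
+  deb822_repository:
+    name: influxdata
+    uris: https://repos.influxdata.com/debian
+    suites: stable
+    components: main
+    architectures: amd64
+    signed_by: https://repos.influxdata.com/influxdata-archive.key
+  notify: update package cache
+
+- meta: flush_handlers
+
+- name: Install telegraf
+  package:
+    name: telegraf
+
+- name: Configure telegraf
+  when: not ansible_check_mode
+  template:
+    dest: /etc/telegraf/telegraf.d/output.conf
+    src: output.conf.j2
+    owner: telegraf
+    group: telegraf
+    mode: 0640
+  notify: restart telegraf
+
+- name: Enable telegraf
+  service:
+    name: telegraf
+    enabled: true
+    state: started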
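Review bot: The `signed_by` URL in "Add influxdb repository" fetches the archive key at run time from the same host that serves the packages, so nothing pins the trust anchor: whoever can change what that URL returns controls both the key and the repository it is meant to verify. `deb822_repository` also accepts an ASCII-armored key block, so the key can be committed to the role after its fingerprint has been checked out of band and passed as `signed_by: "{{ lookup('file', 'influxdata-archive.asc') }}"` (the file name is a placeholder). Separately, `mode: 0640` in "Configure telegraf" depends on YAML 1.1 octal parsing; the quoted form `mode: "0640"` is unambiguous.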
							
								
								
									
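--- a/roles/telegraf/tasks/main.yml
+++ b/roles/telegraf/tasks/main.yml
@@ -0,0 +1,11 @@
+- name: Get influxdb info
+  set_fact:
+    influxdb_info: '{{ lookup("passwordstore", "vm/"~influxdb_host, returnall=true, missing="empty") | from_yaml }}'
+
+- name: Create influxdb token for this host
+  include_tasks: token.yml
+  when: 'not ansible_check_mode and "influxdb_token" not in password'
+
+- name: Install telegraf on Debian
+  include_tasks: debian.yml
+  when: ansible_os_family == "Debian"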
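Review bot: "Get influxdb info" loads the whole password-store entry into a host fact without `no_log: true`, and token.yml reads `influxdb_operator_token` from that same entry. The operator token therefore shows up in verbose output and in any callback that records task results; adding `no_log: true` to the task keeps it out. Also, `missing="empty"` turns an absent entry into an empty value that only fails later, inside token.yml or the template, with an undefined-attribute error. Dropping that option, or asserting `influxdb_info.influxdb_url is defined` directly after the lookup, puts the failure where the cause is.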
							
								
								
									
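--- a/roles/telegraf/tasks/token.yml
+++ b/roles/telegraf/tasks/token.yml
@@ -0,0 +1,53 @@
+- name: Get influxdb organization ID
+  delegate_to: localhost
+  uri:
+    url: '{{ influxdb_info.influxdb_url }}/api/v2/orgs'
+    headers:
+      Authorization: Token {{ influxdb_info.influxdb_operator_token }}
+  register: response
+
+- name: Parse influxdb orgID
+  set_fact:
+    influxdb_orgID: '{{ response.json.orgs | selectattr("name", "==", influxdb_info.influxdb_org) | map(attribute="id") | first }}'
+
+- name: Get influxdb bucket ID
+  delegate_to: localhost
+  uri:
+    url: '{{ influxdb_info.influxdb_url }}/api/v2/buckets?orgID={{ influxdb_orgID }}'
+    headers:
+      Authorization: Token {{ influxdb_info.influxdb_operator_token }}
+  register: response
+
+- name: Parse influxdb bucketID
+  set_fact:
+    influxdb_bucketID: '{{ response.json.buckets | selectattr("name", "==", "servers") | map(attribute="id") | first }}'
+
+- name: Create influxdb token
+  delegate_to: localhost
+  uri:
+    url: '{{ influxdb_info.influxdb_url }}/api/v2/authorizations'
+    method: POST
+    body_format: json
+    status_code: 201
+    headers:
+      Authorization: Token {{ influxdb_info.influxdb_operator_token }}
+      Content-Type: application/json
+    body: |
+      {
+        "description": "{{ inventory_hostname }}",
+        "orgID": "{{ influxdb_orgID }}",
+        "permissions": [{ "action": "write", "resource": { "type": "buckets", "id": "{{ influxdb_bucketID }}" } }]
+      }
+  register: response
+
+- name: Parse influxdb token
+  set_fact:
+    influxdb_token: '{{ response.json.token }}'
+
+# Ansible’s passwordstore lookup plugin should be able to do that but is pretty broken,
+# so we do it manually.
+- name: Store influxdb token in password store
+  delegate_to: localhost
+  command:
+    cmd: 'pass insert --force --multiline {{ ("vm/" if is_virtual else "host/")~inventory_hostname }}'
+    stdin: '{{ password | to_nice_yaml(sort_keys=false) }}influxdb_token: {{ influxdb_token }}'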
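Review bot: None of the tasks in this file set `no_log: true`, although each `uri` call carries the operator token in its `Authorization` header, the registered `response` of "Create influxdb token" contains the new token, and the `stdin` of the final `command` holds the complete password entry. A failed task or a verbose run can print those values, so `no_log: true` belongs on the three `uri` tasks, on "Parse influxdb token" and on "Store influxdb token in password store". The request body would also be more robust as a YAML mapping under `body:` (keeping the existing `body_format: json`) than as hand-templated JSON, because the serializer then escapes `inventory_hostname`.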
							
								
								
									
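--- a/roles/telegraf/templates/output.conf.j2
+++ b/roles/telegraf/templates/output.conf.j2
@@ -0,0 +1,5 @@
+[[outputs.influxdb_v2]]
+ urls = ["{{ influxdb_info.influxdb_url }}"]
+ organization = "{{ influxdb_info.influxdb_org }}"
+ bucket = "{{ influxdb_info.influxdb_bucket }}"
+ token = "{{ influxdb_token | default(password.influxdb_token) }}"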
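Review bot: `bucket` here comes from `influxdb_info.influxdb_bucket`, but token.yml resolves the bucket ID from the literal name `"servers"` when it scopes the new token's write permission. If the password-store entry names any other bucket, telegraf is configured to write to a bucket its token is not authorised for. Using the same variable in token.yml, `selectattr("name", "==", influxdb_info.influxdb_bucket)`, keeps the permission and the output target in step.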
|  | @ -3,6 +3,13 @@ | |||
|   roles: | ||||
|     - facts | ||||
| 
 | ||||
| - hosts: monitor | ||||
|   roles: | ||||
|     - alpine | ||||
|     - nginx | ||||
|     - influxdb | ||||
|     - grafana | ||||
| 
 | ||||
| - hosts: dhcp | ||||
|   roles: | ||||
|     - alpine | ||||
|  | @ -19,6 +26,7 @@ | |||
|   roles: | ||||
|     - debian | ||||
|     - frr | ||||
|     - telegraf | ||||
|     - ceph | ||||
| 
 | ||||
| - hosts: pve-rc-*, pve-lab-* | ||||
|  |  | |||