authorOle Mathias Heggem <ole@sdok.no>2017-04-19 23:16:07 +0200
committerOle Mathias Heggem <ole@sdok.no>2017-04-19 23:16:07 +0200
commit7b97188b728c85c498acc8acdce1750c472f2c85 (patch)
tree12c1436ab7eb97e9434e774671e8ffea134d61db /ansible
parentf70f65f7466a480a45a8260b35887cb7ed36b466 (diff)
parent7d404abf07d865d253ac2cfc353741e8d4af4867 (diff)
Merge remote-tracking branch 'refs/remotes/tech-server/master'
Diffstat (limited to 'ansible')
-rw-r--r--ansible/inventory-dx2
-rw-r--r--ansible/inventory-localhost10
-rw-r--r--ansible/playbook-new.yml21
-rw-r--r--ansible/playbook-prod.yml16
-rw-r--r--ansible/roles/basics/tasks/main.yml66
-rw-r--r--ansible/roles/common/tasks/main.yml6
-rw-r--r--ansible/roles/ping/files/gondul-pinger.service14
-rw-r--r--ansible/roles/ping/handlers/main.yml3
-rw-r--r--ansible/roles/ping/tasks/main.yml10
-rw-r--r--ansible/roles/postgres/files/postgresql.conf616
-rw-r--r--ansible/roles/postgres/tasks/main.yml31
-rw-r--r--ansible/roles/snmp/files/gondul-snmp.service14
-rw-r--r--ansible/roles/snmp/handlers/main.yml3
-rw-r--r--ansible/roles/snmp/tasks/main.yml23
-rw-r--r--ansible/roles/test/tasks/main.yml39
-rw-r--r--ansible/roles/test/vars/main.yml18
-rw-r--r--ansible/roles/web/files/gondul.conf39
-rw-r--r--ansible/roles/web/handlers/main.yml3
-rw-r--r--ansible/roles/web/tasks/main.yml44
19 files changed, 960 insertions, 18 deletions
diff --git a/ansible/inventory-dx b/ansible/inventory-dx
deleted file mode 100644
index 365c31b..0000000
--- a/ansible/inventory-dx
+++ /dev/null
@@ -1,2 +0,0 @@
-[prod]
-localhost ansible_connection=local
diff --git a/ansible/inventory-localhost b/ansible/inventory-localhost
new file mode 100644
index 0000000..ee4e0bc
--- /dev/null
+++ b/ansible/inventory-localhost
@@ -0,0 +1,10 @@
+[front-test]
+localhost ansible_connection=local
+[postgres]
+localhost ansible_connection=local
+[web]
+localhost ansible_connection=local
+[ping]
+localhost ansible_connection=local
+[snmp]
+localhost ansible_connection=local
diff --git a/ansible/playbook-new.yml b/ansible/playbook-new.yml
new file mode 100644
index 0000000..7961f21
--- /dev/null
+++ b/ansible/playbook-new.yml
@@ -0,0 +1,21 @@
+---
+- hosts: all
+ roles:
+ - common
+- hosts: postgres
+ become: true
+ roles:
+ - postgres
+- hosts: web
+ become: true
+ roles:
+ - web
+- hosts: ping
+ become: true
+ roles:
+ - ping
+- hosts: snmp
+ become: true
+ roles:
+ - snmp
+
diff --git a/ansible/playbook-prod.yml b/ansible/playbook-prod.yml
deleted file mode 100644
index e0e778b..0000000
--- a/ansible/playbook-prod.yml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-- hosts: all
- become: false
- roles:
- - basics
- vars:
- - images:
- - name: "gondul-front-test"
- links: []
- ports: "{{ front_ports }}"
- - name: "gondul-varnish-test"
- links: [ "gondul-front-test:gondul-front" ]
- ports: "{{ varnish_ports }}"
- - name: "gondul-snmp-test"
- links: [ ]
- ports: []
diff --git a/ansible/roles/basics/tasks/main.yml b/ansible/roles/basics/tasks/main.yml
new file mode 100644
index 0000000..6a92a19
--- /dev/null
+++ b/ansible/roles/basics/tasks/main.yml
@@ -0,0 +1,66 @@
+- command: pwd
+ register: pwd
+ tags:
+ - build
+ - stop
+ - start
+ - test
+- name: make all
+ docker_image:
+ state: present
+ docker_api_version: 1.18
+ name: "{{ item.name }}"
+ dockerfile: build/test/{{ item.name }}.Dockerfile
+ path: "{{ pwd.stdout }}"
+ force: true
+ rm: false
+ with_items: "{{ images }}"
+ tags:
+ - build
+
+- name: stop all
+ docker:
+ name: "{{ item.name }}"
+ docker_api_version: 1.18
+ state: stopped
+ image: "{{ item.name }}"
+ stop_timeout: 2
+ with_items: "{{ images }}"
+ tags:
+ - stop
+
+- name: start all
+ docker_container:
+ name: "{{ item.name }}"
+ image: "{{ item.name }}"
+ docker_api_version: 1.18
+ state: started
+ network_mode: bridge
+ recreate: true
+ restart: true
+ published_ports: "{{ item.ports }}"
+ links: "{{ item.links }}"
+ volumes: "{{ item.volumes }}"
+ with_items: "{{ images }}"
+ tags:
+ - start
+- name: workaround to get gondul-varnish-front-ip
+ shell: "docker inspect gondul-varnish-test | grep IPAddress | sed 's/[^0-9.]//g' | grep 172.17 | uniq"
+ register: ip
+ tags:
+ - start
+ - test
+- name: workaround to get gondul-front-ip
+ shell: "docker inspect gondul-front-test | grep IPAddress | sed 's/[^0-9.]//g' | grep 172.17 | uniq"
+ register: ipfront
+ tags:
+ - start
+ - test
+
+- name: Display IP
+ tags:
+ - start
+ - test
+ debug:
+ msg: "Varnish test is available at http://{{ ip.stdout }}/ uncached ip: http://{{ ipfront.stdout }}/ "
+
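Review bot: The `start all` task reads `volumes: "{{ item.volumes }}"`, but the only `images` definition visible in this commit (the removed playbook-prod.yml) has no `volumes` key on any entry, so the task fails on an undefined variable unless `images` is now defined elsewhere with that key. `volumes: "{{ item.volumes | default([]) }}"` keeps the task usable for entries without volumes. Separately, `docker_api_version: 1.18` is an unquoted float in all three docker tasks; quoting it as `"1.18"` avoids a later version such as 1.20 being read as 1.2.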
diff --git a/ansible/roles/common/tasks/main.yml b/ansible/roles/common/tasks/main.yml
new file mode 100644
index 0000000..fbd42d1
--- /dev/null
+++ b/ansible/roles/common/tasks/main.yml
@@ -0,0 +1,6 @@
+- name: Gondul-repo
+ become: true
+ tags:
+ - git-all
+ - git-gondul
+ git: repo=https://github.com/tech-server/gondul.git dest=/opt/gondul update=no accept_hostkey=yes
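Review bot: The `git` task clones https://github.com/tech-server/gondul.git into /opt/gondul as root without a `version=`, so each fresh host gets whatever the default branch holds at that moment, and the systemd units and Apache config added in this commit then execute code from that checkout. Pinning it, e.g. `version=<tag-or-commit>` (placeholder), makes deployments reproducible and reviewable. `accept_hostkey=yes` only applies to SSH remotes and has no effect on this https URL, so it can be dropped.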
diff --git a/ansible/roles/ping/files/gondul-pinger.service b/ansible/roles/ping/files/gondul-pinger.service
new file mode 100644
index 0000000..fc9cabd
--- /dev/null
+++ b/ansible/roles/ping/files/gondul-pinger.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Gondul ping collector
+Documentation=http://google.com
+After=network.target
+
+[Service]
+ExecStart=/opt/gondul/collectors/ping.pl
+MountFlags=slave
+LimitNOFILE=1048576
+LimitNPROC=1048576
+LimitCORE=infinity
+
+[Install]
+WantedBy=multi-user.target
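Review bot: The `[Service]` section has no `User=`, so `/opt/gondul/collectors/ping.pl` runs as root, and `LimitCORE=infinity` allows unbounded core dumps of that root process. If the collector only needs raw sockets for ICMP (an assumption; the script is not in this commit), a dedicated account with `User=gondul` (placeholder name), `NoNewPrivileges=true` and, where the installed systemd supports it, `AmbientCapabilities=CAP_NET_RAW` would narrow what a bug in the collector can reach. The same applies to roles/snmp/files/gondul-snmp.service, which probably needs no elevated privileges at all. `Documentation=http://google.com` in both units is a placeholder and should point at the project documentation or be removed.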
diff --git a/ansible/roles/ping/handlers/main.yml b/ansible/roles/ping/handlers/main.yml
new file mode 100644
index 0000000..6592e88
--- /dev/null
+++ b/ansible/roles/ping/handlers/main.yml
@@ -0,0 +1,3 @@
+---
+- name: restart gondul-pinger
+ service: name=gondul-pinger state=restarted
diff --git a/ansible/roles/ping/tasks/main.yml b/ansible/roles/ping/tasks/main.yml
new file mode 100644
index 0000000..cb435d1
--- /dev/null
+++ b/ansible/roles/ping/tasks/main.yml
@@ -0,0 +1,10 @@
+- name: Add systemd service file for gondul-ping
+ copy:
+ dest: /etc/systemd/system/gondul-pinger.service
+ src: gondul-pinger.service
+ notify: restart gondul-pinger
+- name: Enable ping service
+ systemd:
+ name: gondul-pinger.service
+ enabled: yes
+ notify: restart gondul-pinger
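Review bot: Neither task reloads systemd after the unit file is copied, so on a host where gondul-pinger.service already exists the `restart gondul-pinger` handler may restart the old definition; adding `daemon_reload: yes` to the `systemd` task covers that. The `copy` task also leaves ownership and permissions to defaults; `owner: root`, `group: root`, `mode: "0644"` state the intent for a file under /etc/systemd/system. roles/snmp/tasks/main.yml has the same two tasks for gondul-snmp.service.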
diff --git a/ansible/roles/postgres/files/postgresql.conf b/ansible/roles/postgres/files/postgresql.conf
new file mode 100644
index 0000000..cf6e67e
--- /dev/null
+++ b/ansible/roles/postgres/files/postgresql.conf
@@ -0,0 +1,616 @@
+# -----------------------------
+# PostgreSQL configuration file
+# -----------------------------
+#
+# This file consists of lines of the form:
+#
+# name = value
+#
+# (The "=" is optional.) Whitespace may be used. Comments are introduced with
+# "#" anywhere on a line. The complete list of parameter names and allowed
+# values can be found in the PostgreSQL documentation.
+#
+# The commented-out settings shown in this file represent the default values.
+# Re-commenting a setting is NOT sufficient to revert it to the default value;
+# you need to reload the server.
+#
+# This file is read on server startup and when the server receives a SIGHUP
+# signal. If you edit the file on a running system, you have to SIGHUP the
+# server for the changes to take effect, or use "pg_ctl reload". Some
+# parameters, which are marked below, require a server shutdown and restart to
+# take effect.
+#
+# Any parameter can also be given as a command-line option to the server, e.g.,
+# "postgres -c log_connections=on". Some parameters can be changed at run time
+# with the "SET" SQL command.
+#
+# Memory units: kB = kilobytes Time units: ms = milliseconds
+# MB = megabytes s = seconds
+# GB = gigabytes min = minutes
+# TB = terabytes h = hours
+# d = days
+
+
+#------------------------------------------------------------------------------
+# FILE LOCATIONS
+#------------------------------------------------------------------------------
+
+# The default values of these variables are driven from the -D command-line
+# option or PGDATA environment variable, represented here as ConfigDir.
+
+data_directory = '/var/lib/postgresql/9.4/main' # use data in another directory
+ # (change requires restart)
+hba_file = '/etc/postgresql/9.4/main/pg_hba.conf' # host-based authentication file
+ # (change requires restart)
+ident_file = '/etc/postgresql/9.4/main/pg_ident.conf' # ident configuration file
+ # (change requires restart)
+
+# If external_pid_file is not explicitly set, no extra PID file is written.
+external_pid_file = '/var/run/postgresql/9.4-main.pid' # write an extra PID file
+ # (change requires restart)
+
+
+#------------------------------------------------------------------------------
+# CONNECTIONS AND AUTHENTICATION
+#------------------------------------------------------------------------------
+
+# - Connection Settings -
+
+#listen_addresses = 'localhost' # what IP address(es) to listen on;
+ # comma-separated list of addresses;
+ # defaults to 'localhost'; use '*' for all
+ # (change requires restart)
+port = 5432 # (change requires restart)
+max_connections = 100 # (change requires restart)
+# Note: Increasing max_connections costs ~400 bytes of shared memory per
+# connection slot, plus lock space (see max_locks_per_transaction).
+#superuser_reserved_connections = 3 # (change requires restart)
+unix_socket_directories = '/var/run/postgresql' # comma-separated list of directories
+ # (change requires restart)
+#unix_socket_group = '' # (change requires restart)
+#unix_socket_permissions = 0777 # begin with 0 to use octal notation
+ # (change requires restart)
+#bonjour = off # advertise server via Bonjour
+ # (change requires restart)
+#bonjour_name = '' # defaults to the computer name
+ # (change requires restart)
+
+# - Security and Authentication -
+
+#authentication_timeout = 1min # 1s-600s
+ssl = true # (change requires restart)
+#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
+ # (change requires restart)
+#ssl_prefer_server_ciphers = on # (change requires restart)
+#ssl_ecdh_curve = 'prime256v1' # (change requires restart)
+#ssl_renegotiation_limit = 0 # amount of data between renegotiations
+ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem' # (change requires restart)
+ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key' # (change requires restart)
+#ssl_ca_file = '' # (change requires restart)
+#ssl_crl_file = '' # (change requires restart)
+#password_encryption = on
+#db_user_namespace = off
+
+# GSSAPI using Kerberos
+#krb_server_keyfile = ''
+#krb_caseins_users = off
+
+# - TCP Keepalives -
+# see "man 7 tcp" for details
+
+#tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds;
+ # 0 selects the system default
+#tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds;
+ # 0 selects the system default
+#tcp_keepalives_count = 0 # TCP_KEEPCNT;
+ # 0 selects the system default
+
+
+#------------------------------------------------------------------------------
+# RESOURCE USAGE (except WAL)
+#------------------------------------------------------------------------------
+
+# - Memory -
+
+shared_buffers = 1024MB # min 128kB
+ # (change requires restart)
+#huge_pages = try # on, off, or try
+ # (change requires restart)
+temp_buffers = 64MB # min 800kB
+#max_prepared_transactions = 0 # zero disables the feature
+ # (change requires restart)
+# Note: Increasing max_prepared_transactions costs ~600 bytes of shared memory
+# per transaction slot, plus lock space (see max_locks_per_transaction).
+# It is not advisable to set max_prepared_transactions nonzero unless you
+# actively intend to use prepared transactions.
+work_mem = 16MB # min 64kB
+#maintenance_work_mem = 64MB # min 1MB
+#autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem
+#max_stack_depth = 2MB # min 100kB
+dynamic_shared_memory_type = posix # the default is the first option
+ # supported by the operating system:
+ # posix
+ # sysv
+ # windows
+ # mmap
+ # use none to disable dynamic shared memory
+
+# - Disk -
+
+#temp_file_limit = -1 # limits per-session temp file space
+ # in kB, or -1 for no limit
+
+# - Kernel Resource Usage -
+
+#max_files_per_process = 1000 # min 25
+ # (change requires restart)
+#shared_preload_libraries = '' # (change requires restart)
+
+# - Cost-Based Vacuum Delay -
+
+#vacuum_cost_delay = 0 # 0-100 milliseconds
+#vacuum_cost_page_hit = 1 # 0-10000 credits
+#vacuum_cost_page_miss = 10 # 0-10000 credits
+#vacuum_cost_page_dirty = 20 # 0-10000 credits
+#vacuum_cost_limit = 200 # 1-10000 credits
+
+# - Background Writer -
+
+bgwriter_delay = 1000ms # 10-10000ms between rounds
+#bgwriter_lru_maxpages = 100 # 0-1000 max buffers written/round
+#bgwriter_lru_multiplier = 2.0 # 0-10.0 multipler on buffers scanned/round
+
+# - Asynchronous Behavior -
+
+#effective_io_concurrency = 1 # 1-1000; 0 disables prefetching
+#max_worker_processes = 8
+
+
+#------------------------------------------------------------------------------
+# WRITE AHEAD LOG
+#------------------------------------------------------------------------------
+
+# - Settings -
+
+#wal_level = minimal # minimal, archive, hot_standby, or logical
+ # (change requires restart)
+#fsync = off # turns forced synchronization on or off
+#synchronous_commit = off # synchronization level;
+ # off, local, remote_write, or on
+#wal_sync_method = fsync # the default is the first option
+ # supported by the operating system:
+ # open_datasync
+ # fdatasync (default on Linux)
+ # fsync
+ # fsync_writethrough
+ # open_sync
+#full_page_writes = on # recover from partial page writes
+#wal_log_hints = off # also do full page writes of non-critical updates
+ # (change requires restart)
+#wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers
+ # (change requires restart)
+wal_writer_delay = 1000ms # 1-10000 milliseconds
+
+commit_delay = 10000 # range 0-100000, in microseconds
+commit_siblings = 50 # range 1-1000
+
+# - Checkpoints -
+
+#checkpoint_segments = 3 # in logfile segments, min 1, 16MB each
+#checkpoint_timeout = 5min # range 30s-1h
+#checkpoint_completion_target = 0.5 # checkpoint target duration, 0.0 - 1.0
+#checkpoint_warning = 30s # 0 disables
+
+# - Archiving -
+
+#archive_mode = off # allows archiving to be done
+ # (change requires restart)
+#archive_command = '' # command to use to archive a logfile segment
+ # placeholders: %p = path of file to archive
+ # %f = file name only
+ # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f'
+#archive_timeout = 0 # force a logfile segment switch after this
+ # number of seconds; 0 disables
+
+
+#------------------------------------------------------------------------------
+# REPLICATION
+#------------------------------------------------------------------------------
+
+# - Sending Server(s) -
+
+# Set these on the master and on any standby that will send replication data.
+
+#max_wal_senders = 0 # max number of walsender processes
+ # (change requires restart)
+#wal_keep_segments = 0 # in logfile segments, 16MB each; 0 disables
+#wal_sender_timeout = 60s # in milliseconds; 0 disables
+
+#max_replication_slots = 0 # max number of replication slots
+ # (change requires restart)
+
+# - Master Server -
+
+# These settings are ignored on a standby server.
+
+#synchronous_standby_names = '' # standby servers that provide sync rep
+ # comma-separated list of application_name
+ # from standby(s); '*' = all
+#vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed
+
+# - Standby Servers -
+
+# These settings are ignored on a master server.
+
+#hot_standby = off # "on" allows queries during recovery
+ # (change requires restart)
+#max_standby_archive_delay = 30s # max delay before canceling queries
+ # when reading WAL from archive;
+ # -1 allows indefinite delay
+#max_standby_streaming_delay = 30s # max delay before canceling queries
+ # when reading streaming WAL;
+ # -1 allows indefinite delay
+#wal_receiver_status_interval = 10s # send replies at least this often
+ # 0 disables
+#hot_standby_feedback = off # send info from standby to prevent
+ # query conflicts
+#wal_receiver_timeout = 60s # time that receiver waits for
+ # communication from master
+ # in milliseconds; 0 disables
+
+
+#------------------------------------------------------------------------------
+# QUERY TUNING
+#------------------------------------------------------------------------------
+
+# - Planner Method Configuration -
+
+#enable_bitmapscan = on
+#enable_hashagg = on
+#enable_hashjoin = on
+#enable_indexscan = on
+#enable_indexonlyscan = on
+#enable_material = on
+#enable_mergejoin = on
+#enable_nestloop = on
+#enable_seqscan = on
+#enable_sort = on
+#enable_tidscan = on
+
+# - Planner Cost Constants -
+
+#seq_page_cost = 1.0 # measured on an arbitrary scale
+#random_page_cost = 4.0 # same scale as above
+#cpu_tuple_cost = 0.01 # same scale as above
+#cpu_index_tuple_cost = 0.005 # same scale as above
+#cpu_operator_cost = 0.0025 # same scale as above
+#effective_cache_size = 4GB
+
+# - Genetic Query Optimizer -
+
+#geqo = on
+#geqo_threshold = 12
+#geqo_effort = 5 # range 1-10
+#geqo_pool_size = 0 # selects default based on effort
+#geqo_generations = 0 # selects default based on effort
+#geqo_selection_bias = 2.0 # range 1.5-2.0
+#geqo_seed = 0.0 # range 0.0-1.0
+
+# - Other Planner Options -
+
+#default_statistics_target = 100 # range 1-10000
+#constraint_exclusion = partition # on, off, or partition
+#cursor_tuple_fraction = 0.1 # range 0.0-1.0
+#from_collapse_limit = 8
+#join_collapse_limit = 8 # 1 disables collapsing of explicit
+ # JOIN clauses
+
+
+#------------------------------------------------------------------------------
+# ERROR REPORTING AND LOGGING
+#------------------------------------------------------------------------------
+
+# - Where to Log -
+
+#log_destination = 'stderr' # Valid values are combinations of
+ # stderr, csvlog, syslog, and eventlog,
+ # depending on platform. csvlog
+ # requires logging_collector to be on.
+
+# This is used when logging to stderr:
+#logging_collector = off # Enable capturing of stderr and csvlog
+ # into log files. Required to be on for
+ # csvlogs.
+ # (change requires restart)
+
+# These are only used if logging_collector is on:
+#log_directory = 'pg_log' # directory where log files are written,
+ # can be absolute or relative to PGDATA
+#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern,
+ # can include strftime() escapes
+#log_file_mode = 0600 # creation mode for log files,
+ # begin with 0 to use octal notation
+#log_truncate_on_rotation = off # If on, an existing log file with the
+ # same name as the new log file will be
+ # truncated rather than appended to.
+ # But such truncation only occurs on
+ # time-driven rotation, not on restarts
+ # or size-driven rotation. Default is
+ # off, meaning append to existing files
+ # in all cases.
+#log_rotation_age = 1d # Automatic rotation of logfiles will
+ # happen after that time. 0 disables.
+#log_rotation_size = 10MB # Automatic rotation of logfiles will
+ # happen after that much log output.
+ # 0 disables.
+
+# These are relevant when logging to syslog:
+#syslog_facility = 'LOCAL0'
+#syslog_ident = 'postgres'
+
+# This is only relevant when logging to eventlog (win32):
+#event_source = 'PostgreSQL'
+
+# - When to Log -
+
+#client_min_messages = notice # values in order of decreasing detail:
+ # debug5
+ # debug4
+ # debug3
+ # debug2
+ # debug1
+ # log
+ # notice
+ # warning
+ # error
+
+#log_min_messages = warning # values in order of decreasing detail:
+ # debug5
+ # debug4
+ # debug3
+ # debug2
+ # debug1
+ # info
+ # notice
+ # warning
+ # error
+ # log
+ # fatal
+ # panic
+
+#log_min_error_statement = error # values in order of decreasing detail:
+ # debug5
+ # debug4
+ # debug3
+ # debug2
+ # debug1
+ # info
+ # notice
+ # warning
+ # error
+ # log
+ # fatal
+ # panic (effectively off)
+
+#log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements
+ # and their durations, > 0 logs only
+ # statements running at least this number
+ # of milliseconds
+
+
+# - What to Log -
+
+#debug_print_parse = off
+#debug_print_rewritten = off
+#debug_print_plan = off
+#debug_pretty_print = on
+#log_checkpoints = off
+#log_connections = off
+#log_disconnections = off
+#log_duration = off
+#log_error_verbosity = default # terse, default, or verbose messages
+#log_hostname = off
+log_line_prefix = '%t [%p-%l] %q%u@%d ' # special values:
+ # %a = application name
+ # %u = user name
+ # %d = database name
+ # %r = remote host and port
+ # %h = remote host
+ # %p = process ID
+ # %t = timestamp without milliseconds
+ # %m = timestamp with milliseconds
+ # %i = command tag
+ # %e = SQL state
+ # %c = session ID
+ # %l = session line number
+ # %s = session start timestamp
+ # %v = virtual transaction ID
+ # %x = transaction ID (0 if none)
+ # %q = stop here in non-session
+ # processes
+ # %% = '%'
+ # e.g. '<%u%%%d> '
+#log_lock_waits = off # log lock waits >= deadlock_timeout
+#log_statement = 'none' # none, ddl, mod, all
+#log_temp_files = -1 # log temporary files equal or larger
+ # than the specified size in kilobytes;
+ # -1 disables, 0 logs all temp files
+log_timezone = 'UTC'
+
+
+#------------------------------------------------------------------------------
+# RUNTIME STATISTICS
+#------------------------------------------------------------------------------
+
+# - Query/Index Statistics Collector -
+
+#track_activities = on
+#track_counts = on
+#track_io_timing = off
+#track_functions = none # none, pl, all
+#track_activity_query_size = 1024 # (change requires restart)
+#update_process_title = on
+stats_temp_directory = '/var/run/postgresql/9.4-main.pg_stat_tmp'
+
+
+# - Statistics Monitoring -
+
+#log_parser_stats = off
+#log_planner_stats = off
+#log_executor_stats = off
+#log_statement_stats = off
+
+
+#------------------------------------------------------------------------------
+# AUTOVACUUM PARAMETERS
+#------------------------------------------------------------------------------
+
+#autovacuum = on # Enable autovacuum subprocess? 'on'
+ # requires track_counts to also be on.
+#log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and
+ # their durations, > 0 logs only
+ # actions running at least this number
+ # of milliseconds.
+#autovacuum_max_workers = 3 # max number of autovacuum subprocesses
+ # (change requires restart)
+#autovacuum_naptime = 1min # time between autovacuum runs
+#autovacuum_vacuum_threshold = 50 # min number of row updates before
+ # vacuum
+#autovacuum_analyze_threshold = 50 # min number of row updates before
+ # analyze
+#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum
+#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze
+#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum
+ # (change requires restart)
+#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age
+ # before forced vacuum
+ # (change requires restart)
+#autovacuum_vacuum_cost_delay = 20ms # default vacuum cost delay for
+ # autovacuum, in milliseconds;
+ # -1 means use vacuum_cost_delay
+#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for
+ # autovacuum, -1 means use
+ # vacuum_cost_limit
+
+
+#------------------------------------------------------------------------------
+# CLIENT CONNECTION DEFAULTS
+#------------------------------------------------------------------------------
+
+# - Statement Behavior -
+
+#search_path = '"$user",public' # schema names
+#default_tablespace = '' # a tablespace name, '' uses the default
+#temp_tablespaces = '' # a list of tablespace names, '' uses
+ # only default tablespace
+#check_function_bodies = on
+#default_transaction_isolation = 'read committed'
+#default_transaction_read_only = off
+#default_transaction_deferrable = off
+#session_replication_role = 'origin'
+#statement_timeout = 0 # in milliseconds, 0 is disabled
+#lock_timeout = 0 # in milliseconds, 0 is disabled
+#vacuum_freeze_min_age = 50000000
+#vacuum_freeze_table_age = 150000000
+#vacuum_multixact_freeze_min_age = 5000000
+#vacuum_multixact_freeze_table_age = 150000000
+#bytea_output = 'hex' # hex, escape
+#xmlbinary = 'base64'
+#xmloption = 'content'
+#gin_fuzzy_search_limit = 0
+
+# - Locale and Formatting -
+
+datestyle = 'iso, mdy'
+#intervalstyle = 'postgres'
+timezone = 'UTC'
+#timezone_abbreviations = 'Default' # Select the set of available time zone
+ # abbreviations. Currently, there are
+ # Default
+ # Australia (historical usage)
+ # India
+ # You can create your own file in
+ # share/timezonesets/.
+#extra_float_digits = 0 # min -15, max 3
+#client_encoding = sql_ascii # actually, defaults to database
+ # encoding
+
+# These settings are initialized by initdb, but they can be changed.
+lc_messages = 'C' # locale for system error message
+ # strings
+lc_monetary = 'C' # locale for monetary formatting
+lc_numeric = 'C' # locale for number formatting
+lc_time = 'C' # locale for time formatting
+
+# default configuration for text search
+default_text_search_config = 'pg_catalog.english'
+
+# - Other Defaults -
+
+#dynamic_library_path = '$libdir'
+#local_preload_libraries = ''
+#session_preload_libraries = ''
+
+
+#------------------------------------------------------------------------------
+# LOCK MANAGEMENT
+#------------------------------------------------------------------------------
+
+#deadlock_timeout = 1s
+#max_locks_per_transaction = 64 # min 10
+ # (change requires restart)
+# Note: Each lock table slot uses ~270 bytes of shared memory, and there are
+# max_locks_per_transaction * (max_connections + max_prepared_transactions)
+# lock table slots.
+#max_pred_locks_per_transaction = 64 # min 10
+ # (change requires restart)
+
+
+#------------------------------------------------------------------------------
+# VERSION/PLATFORM COMPATIBILITY
+#------------------------------------------------------------------------------
+
+# - Previous PostgreSQL Versions -
+
+#array_nulls = on
+#backslash_quote = safe_encoding # on, off, or safe_encoding
+#default_with_oids = off
+#escape_string_warning = on
+#lo_compat_privileges = off
+#quote_all_identifiers = off
+#sql_inheritance = on
+#standard_conforming_strings = on
+#synchronize_seqscans = on
+
+# - Other Platforms and Clients -
+
+#transform_null_equals = off
+
+
+#------------------------------------------------------------------------------
+# ERROR HANDLING
+#------------------------------------------------------------------------------
+
+#exit_on_error = off # terminate session on any error?
+#restart_after_crash = on # reinitialize after backend crash?
+
+
+#------------------------------------------------------------------------------
+# CONFIG FILE INCLUDES
+#------------------------------------------------------------------------------
+
+# These options allow settings to be loaded from files other than the
+# default postgresql.conf.
+
+#include_dir = 'conf.d' # include files ending in '.conf' from
+ # directory 'conf.d'
+#include_if_exists = 'exists.conf' # include file only if it exists
+#include = 'special.conf' # include file
+
+
+#------------------------------------------------------------------------------
+# CUSTOMIZED OPTIONS
+#------------------------------------------------------------------------------
+
+# Add settings for extensions here
+listen_addresses = '*'
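Review bot: `listen_addresses = '*'` at the end of the file makes PostgreSQL listen on every interface, while the inventory added in this commit puts the postgres and web groups on the same host. Nothing in this commit manages pg_hba.conf, so which remote clients can authenticate depends on the distribution default. If remote access is not needed, keep the default `'localhost'`; if it is, list the specific addresses and ship a matching pg_hba.conf. `ssl = true` still points at the distribution's snakeoil certificate, which clients cannot meaningfully verify.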
diff --git a/ansible/roles/postgres/tasks/main.yml b/ansible/roles/postgres/tasks/main.yml
new file mode 100644
index 0000000..ee53327
--- /dev/null
+++ b/ansible/roles/postgres/tasks/main.yml
@@ -0,0 +1,31 @@
+- name: Install db-packages
+ apt:
+ name: "{{ item }}"
+ state: present
+ with_items:
+ - postgresql-9.4
+ - python-psycopg2
+- name: Drop postgresql-config
+ copy:
+ dest: /etc/postgresql/9.4/main/postgresql.conf
+ src: postgresql.conf
+- name: Whoami
+ become: false
+ command: whoami
+ register: whoami
+- name: Fix sudo
+ lineinfile:
+ dest: "/etc/sudoers"
+ state: present
+ line: "{{ whoami.stdout }} ALL=(postgres) NOPASSWD: ALL"
+- name: Make postgres-db
+ become_user: postgres
+ postgresql_db:
+ name: nms
+- name: Ensure a valid postgres-user
+ become_user: postgres
+ postgresql_user:
+ db: nms
+ name: nms
+ password: risbrod
+
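Review bot: The `Ensure a valid postgres-user` task commits the database password in clear text (`password: risbrod`), and the same commit sets `listen_addresses = '*'`, so the credential stored in the repository is accepted over the network wherever pg_hba.conf allows it. Take it from a vaulted variable, `password: "{{ nms_db_password }}"` (placeholder name), and add `no_log: true` to the task. The `Fix sudo` task edits /etc/sudoers without `validate: 'visudo -cf %s'`, so a malformed line (for instance an unexpected `whoami.stdout`) can break sudo on the host. `Drop postgresql-config` has no `notify`, so the new postgresql.conf is not applied until something else restarts the service.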
diff --git a/ansible/roles/snmp/files/gondul-snmp.service b/ansible/roles/snmp/files/gondul-snmp.service
new file mode 100644
index 0000000..e5f2179
--- /dev/null
+++ b/ansible/roles/snmp/files/gondul-snmp.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Gondul snmp collector
+Documentation=http://google.com
+After=network.target
+
+[Service]
+ExecStart=/opt/gondul/collectors/snmpfetchng.pl
+MountFlags=slave
+LimitNOFILE=1048576
+LimitNPROC=1048576
+LimitCORE=infinity
+
+[Install]
+WantedBy=multi-user.target
diff --git a/ansible/roles/snmp/handlers/main.yml b/ansible/roles/snmp/handlers/main.yml
new file mode 100644
index 0000000..b0232f2
--- /dev/null
+++ b/ansible/roles/snmp/handlers/main.yml
@@ -0,0 +1,3 @@
+---
+- name: restart gondul-snmp
+ service: name=gondul-snmp state=restarted
diff --git a/ansible/roles/snmp/tasks/main.yml b/ansible/roles/snmp/tasks/main.yml
new file mode 100644
index 0000000..2cb7165
--- /dev/null
+++ b/ansible/roles/snmp/tasks/main.yml
@@ -0,0 +1,23 @@
+- file:
+ path: /opt/gondul/data
+ state: directory
+ mode: 0755
+- stat:
+ path: /opt/gondul/data/mibs
+ register: mibdir
+- name: Get mibs
+ command: /opt/gondul/extras/tools/get_mibs.sh
+ args:
+ chdir: /opt/gondul/data/
+ when: not mibdir.stat.exists
+ notify: restart gondul-snmp
+- name: Add systemd service file for gondul-snmp
+ copy:
+ dest: /etc/systemd/system/gondul-snmp.service
+ src: gondul-snmp.service
+ notify: restart gondul-snmp
+- name: Enable snmp service
+ systemd:
+ name: gondul-snmp.service
+ enabled: yes
+ notify: restart gondul-snmp
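Review bot: The `stat` task plus `when: not mibdir.stat.exists` can be expressed on the command itself with `creates: /opt/gondul/data/mibs` under `args:`, which removes the unnamed `stat` task and the registered variable. The first two tasks also have no `name:`, unlike the rest of the file. `mode: 0755` is better quoted as `"0755"` so the value does not depend on how the YAML loader treats a leading zero.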
diff --git a/ansible/roles/test/tasks/main.yml b/ansible/roles/test/tasks/main.yml
new file mode 100644
index 0000000..798644a
--- /dev/null
+++ b/ansible/roles/test/tasks/main.yml
@@ -0,0 +1,39 @@
+- name: test index
+ tags:
+ - test
+ uri: url="http://{{ ip.stdout }}/"
+
+- name: test public api without data
+ tags:
+ - test
+ uri:
+ url: "http://{{ ip.stdout }}{{ item }}"
+ with_items: "{{ simple_urls }}"
+
+- name: test read api without data
+ uri:
+ url: http://{{ ip.stdout }}{{ item }}
+ user: demo
+ password: demo
+ with_items: "{{ read_urls }}"
+ tags:
+ - test
+- name: Add some switches
+ tags:
+ - test
+ uri:
+ url: http://{{ ip.stdout }}/api/write/switch-add
+ method: "POST"
+ force_basic_auth: true
+ body_format: json
+ user: demo
+ password: demo
+ body: '[{"mgmt_v4_addr":"127.0.0.1","sysname":"core"},{"distro_name":"core","mgmt_v4_addr":"127.0.0.2","sysname":"distro0"},{"distro_name":"distro0","mgmt_v4_addr":"127.0.0.3","sysname":"e1-1"},{"distro_name":"distro0","mgmt_v4_addr":"127.0.0.4","sysname":"e1-2"},{"distro_name":"distro0","mgmt_v4_addr":"127.0.0.5","sysname":"e3-1"},{"distro_name":"distro0","mgmt_v4_addr":"127.0.0.6","sysname":"e3-2"},{"distro_name":"distro0","mgmt_v4_addr":"127.0.0.7","sysname":"e5-1"},{"distro_name":"distro0","mgmt_v4_addr":"127.0.0.8","sysname":"e5-2"},{"distro_name":"distro0","mgmt_v4_addr":"127.0.0.9","sysname":"e7-1"},{"distro_name":"distro0","mgmt_v4_addr":"127.0.0.10","sysname":"e7-2"},{"distro_name":"distro0","mgmt_v4_addr":"127.0.0.11","sysname":"e9-1"},{"distro_name":"distro0","mgmt_v4_addr":"127.0.0.12","sysname":"e9-2"},{"distro_name":"distro0","mgmt_v4_addr":"127.0.0.14","sysname":"e11-1"},{"distro_name":"distro0","mgmt_v4_addr":"127.0.0.15","sysname":"e11-2"},{"distro_name":"distro0","mgmt_v4_addr":"127.0.0.16","sysname":"e13-1"},{"distro_name":"distro0","mgmt_v4_addr":"127.0.0.17","sysname":"e13-2"},{"distro_name":"distro0","mgmt_v4_addr":"127.0.0.18","sysname":"e15-1"},{"distro_name":"distro0","mgmt_v4_addr":"127.0.0.19","sysname":"e15-2"},{"distro_name":"distro0","mgmt_v4_addr":"127.0.0.20","sysname":"e17-1"},{"distro_name":"distro0","mgmt_v4_addr":"127.0.0.21","sysname":"e17-2"},{"distro_name":"distro0","mgmt_v4_addr":"127.0.0.22","sysname":"e19-1"},{"distro_name":"distro0","mgmt_v4_addr":"127.0.0.23","sysname":"e19-2"},{"distro_name":"core","mgmt_v4_addr":"127.0.0.24","sysname":"distro1"},{"distro_name":"distro1","mgmt_v4_addr":"127.0.0.25","sysname":"e21-1"},{"distro_name":"distro1","mgmt_v4_addr":"127.0.0.26","sysname":"e21-2"},{"distro_name":"distro1","mgmt_v4_addr":"127.0.0.27","sysname":"e23-1"},{"distro_name":"distro1","mgmt_v4_addr":"127.0.0.28","sysname":"e23-2"},{"distro_name":"distro1","mgmt_v4_addr":"127.0.0.29","sysname":"e25-1"},{"distro_name":"dist
ro1","mgmt_v4_addr":"127.0.0.30","sysname":"e25-2"},{"distro_name":"distro1","mgmt_v4_addr":"127.0.0.31","sysname":"e27-1"},{"distro_name":"distro1","mgmt_v4_addr":"127.0.0.32","sysname":"e27-2"},{"distro_name":"distro1","mgmt_v4_addr":"127.0.0.33","sysname":"e29-1"},{"distro_name":"distro1","mgmt_v4_addr":"127.0.0.34","sysname":"e29-2"},{"distro_name":"distro1","mgmt_v4_addr":"127.0.0.36","sysname":"e31-1"},{"distro_name":"distro1","mgmt_v4_addr":"127.0.0.37","sysname":"e31-2"},{"distro_name":"distro1","mgmt_v4_addr":"127.0.0.38","sysname":"e33-1"},{"distro_name":"distro1","mgmt_v4_addr":"127.0.0.39","sysname":"e33-2"},{"distro_name":"distro1","mgmt_v4_addr":"127.0.0.40","sysname":"e35-1"},{"distro_name":"distro1","mgmt_v4_addr":"127.0.0.41","sysname":"e35-2"},{"distro_name":"distro1","mgmt_v4_addr":"127.0.0.42","sysname":"e37-1"},{"distro_name":"distro1","mgmt_v4_addr":"127.0.0.43","sysname":"e37-2"},{"distro_name":"distro1","mgmt_v4_addr":"127.0.0.44","sysname":"e39-1"},{"distro_name":"distro1","mgmt_v4_addr":"127.0.0.45","sysname":"e39-2"},{"distro_name":"core","mgmt_v4_addr":"127.0.0.46","sysname":"noc"}]'
+- name: test read api after data is added
+ uri:
+ url: http://{{ ip.stdout }}{{ item }}
+ user: demo
+ password: demo
+ with_items: "{{ populated_urls }}"
+ tags:
+ - test
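Review bot: Every URL here is built from `ip.stdout`, which is registered only in roles/basics/tasks/main.yml, so this role fails on an undefined variable when run without `basics` in the same play; a comment at the top of the file or an `assert` on `ip is defined` would make the dependency explicit. The `demo`/`demo` credentials are repeated in three tasks and would be easier to change as variables in roles/test/vars/main.yml. Only `Add some switches` sets `force_basic_auth: true`; the two read tasks send credentials only after a 401 challenge, so the difference may be unintended.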
diff --git a/ansible/roles/test/vars/main.yml b/ansible/roles/test/vars/main.yml
new file mode 100644
index 0000000..0bed216
--- /dev/null
+++ b/ansible/roles/test/vars/main.yml
@@ -0,0 +1,18 @@
+simple_urls:
+ - "/api/public/switches"
+ - "/api/public/switch-state"
+ - "/api/public/ping"
+ - "/api/public/location"
+ - "/api/public/dhcp"
+ - "/api/public/dhcp-summary"
+ - "/index.html"
+ - "/templates/switches.txt"
+ - "/render/?target=carbon.agents.*.errors"
+read_urls:
+ - "/api/read/oplog"
+ - "/api/read/snmp"
+ - "/api/read/switches-management"
+ - "/api/read/distro-tree"
+populated_urls:
+ - "/api/templates/switches.txt"
+
diff --git a/ansible/roles/web/files/gondul.conf b/ansible/roles/web/files/gondul.conf
new file mode 100644
index 0000000..0cdbff7
--- /dev/null
+++ b/ansible/roles/web/files/gondul.conf
@@ -0,0 +1,39 @@
+<VirtualHost *:80>
+ ServerAdmin lol@example.com
+ ServerName gondul.gathering.org
+ ServerAlias gondul.gathering.org
+
+ DocumentRoot /opt/gondul/web
+ ScriptAlias /api/write/ /opt/gondul/web/api/write/
+ ScriptAlias /api/read/ /opt/gondul/web/api/read/
+ ScriptAlias /api/public/ /opt/gondul/web/api/public/
+ <Directory "/opt/gondul/web/api/write/">
+ AllowOverride None
+ Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
+ </Directory>
+ <Directory "/opt/gondul/web/api/read/">
+ AllowOverride None
+ Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
+ </Directory>
+ <Directory "/opt/gondul/web/api/public/">
+ AllowOverride None
+ Options +ExecCGI -MultiViews +Indexes +SymLinksIfOwnerMatch
+ Require all granted
+ </Directory>
+ <Directory "/opt/gondul/web">
+ AllowOverride None
+ Options Indexes FollowSymLinks MultiViews
+ AddDefaultCharset UTF-8
+ Require all granted
+ </Directory>
+
+ ErrorLog /var/log/apache2/error-nms.example.com.log
+
+ # Possible values include: debug, info, notice, warn, error, crit,
+ # alert, emerg.
+ LogLevel warn
+
+ CustomLog /var/log/apache2/access-nms.example.com.log combined
+ ServerSignature On
+
+</VirtualHost>
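Review bot: The `<Directory>` blocks for `/opt/gondul/web/api/write/` and `/opt/gondul/web/api/read/` have no `AuthType` or `Require` of their own, so they inherit `Require all granted` from the parent `/opt/gondul/web` block. The write and read CGI scripts are therefore served to any client unless the scripts authenticate callers themselves, which this hunk does not show. The test role sends a user and password to the read API, which suggests Basic authentication is expected; if so it should be declared here, as sketched below with a placeholder password-file path. The vhost listens on `*:80` only, so those credentials would cross the network unencrypted and a TLS vhost is worth adding alongside. `ServerSignature On` and `Indexes` on the document root and the public CGI directory also disclose more than a production front end needs.

```apache
<Directory "/opt/gondul/web/api/write/">
    # … unchanged: AllowOverride and Options …
    AuthType Basic
    AuthName "gondul write API"
    # placeholder path: point this at the real password file, kept outside DocumentRoot
    AuthUserFile /path/to/PLACEHOLDER-htpasswd
    Require valid-user
</Directory>
# … the same four directives in the /opt/gondul/web/api/read/ block …
```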
diff --git a/ansible/roles/web/handlers/main.yml b/ansible/roles/web/handlers/main.yml
new file mode 100644
index 0000000..407739b
--- /dev/null
+++ b/ansible/roles/web/handlers/main.yml
@@ -0,0 +1,3 @@
+---
+- name: restart apache
+ service: name=apache2 state=restarted
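Review bot: The handler passes its arguments as a single `key=value` string, while the tasks added elsewhere in this commit use block YAML arguments. The block form is easier to lint and diff, and avoids quoting surprises if a templated value is added later. Suggest `service:` followed by `name: apache2` and `state: restarted` on their own indented lines.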
diff --git a/ansible/roles/web/tasks/main.yml b/ansible/roles/web/tasks/main.yml
new file mode 100644
index 0000000..b716f87
--- /dev/null
+++ b/ansible/roles/web/tasks/main.yml
@@ -0,0 +1,44 @@
+- name: Install front-packages
+ apt:
+ name: "{{ item }}"
+ state: present
+ with_items:
+ - libcapture-tiny-perl
+ - libcommon-sense-perl
+ - libdata-dumper-simple-perl
+ - libdbd-pg-perl
+ - libdbi-perl
+ - libdigest-perl
+ - libgd-perl
+ - libgeo-ip-perl
+ - libhtml-parser-perl
+ - libhtml-template-perl
+ - libjson-perl
+ - libjson-xs-perl
+ - libnetaddr-ip-perl
+ - libnet-cidr-perl
+ - libnet-ip-perl
+ - libnet-oping-perl
+ - libnet-rawip-perl
+ - libsnmp-perl
+ - libsocket6-perl
+ - libsocket-perl
+ - libswitch-perl
+ - libtimedate-perl
+ - perl
+ - perl-base
+ - perl-modules
+ - libfreezethaw-perl
+ - apache2
+
+- apache2_module:
+ state: present
+ name: cgid
+ notify: restart apache
+- command: a2dissite 000-default
+ ignore_errors: true
+- name: Enable gondul-config
+ copy:
+ dest: /etc/apache2/sites-enabled/
+ src: gondul.conf
+ notify: restart apache
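Review bot: The unnamed `command: a2dissite 000-default` task sets `ignore_errors: true`, so a failure to disable the distribution's default site is silently accepted and the default vhost can stay enabled next to gondul.conf. The task also reports "changed" on every run and does not notify the restart handler. Drop `ignore_errors` and make the task conditional and notifying instead, with `args:` carrying `removes: /etc/apache2/sites-enabled/000-default.conf` (the usual Debian path, to be confirmed for the target release) plus `notify: restart apache`. The `copy` task that installs gondul.conf would also benefit from explicit ownership and `mode: "0644"`, so the vhost file's permissions do not depend on the controller's umask.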