skoobasteeve/ansible-server-setup
1
0
Fork 0
mirror of https://github.com/skoobasteeve/ansible-server-setup.git synced 2026-03-21 20:08:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

initial working commit

Browse Source
This commit is contained in:
Ray Lyon
2022-10-16 18:54:37 -04:00
commit 1505e39da7
13 changed files with 396 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
roles/librenms-client/handlers/main.yml Normal file
View File

@@ -0,0 +1,23 @@
---
- name: reload systemd configs
ansible.builtin.systemd:
daemon_reload: yes
- name: enable and restart snmpd.service
ansible.builtin.systemd:
state: restarted
enabled: yes
name: snmpd
listen: enable and restart snmpd.service
- name: enable and restart the rsyslog service
ansible.builtin.systemd:
state: restarted
enabled: yes
name: rsyslog
- name: restart syslog-ng for LibreNMS
ansible.builtin.systemd:
state: restarted
name: syslog-ng
delegate_to: nms.lyon

171
roles/librenms-client/tasks/main.yml Normal file
View File

@@ -0,0 +1,171 @@
---
- name: check for pihole
ansible.builtin.stat:
path: "/usr/local/bin/pihole"
register: pihole
- name: install latest snmpd - debian
package: name=snmpd state=latest
when: ansible_os_family == "Debian"
- name: install latest snmpd - centos
package: name=net-snmp state=latest
when: ansible_distribution_file_variety == "RedHat"
- name: install latest jq
package: name=jq state=latest
- name: fix extend serial permissions
ansible.builtin.file:
path: "/sys/devices/virtual/dmi/id/product_serial"
mode: '444'
when: ansible_architecture == "x86_64" and ansible_virtualization_role != "guest"
- name: cron job for extend serial permissions
ansible.builtin.lineinfile:
path: /etc/crontab
line: "@reboot chmod 444 /sys/devices/virtual/dmi/id/product_serial"
when: ansible_architecture == "x86_64"
- name: download script for extend distro
ansible.builtin.get_url:
url: "https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro"
dest: "/usr/bin/distro"
mode: '755'
- name: download script for extend osupdates
ansible.builtin.get_url:
url: "https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/osupdate"
dest: "/etc/snmp/osupdate"
mode: '755'
- name: download script for extend zfs
ansible.builtin.get_url:
url: "https://github.com/librenms/librenms-agent/raw/master/snmp/zfs-linux"
dest: "/etc/snmp/zfs-linux"
mode: '755'
when: "'zfs-zed' in ansible_facts.packages"
- name: download script for extend docker
ansible.builtin.get_url:
url: "https://github.com/librenms/librenms-agent/raw/master/snmp/docker-stats.sh"
dest: "/etc/snmp/docker-stats.sh"
mode: '755'
when: "'docker' in services"
- name: download script for extend pihole
ansible.builtin.get_url:
url: "https://github.com/librenms/librenms-agent/raw/master/snmp/pi-hole"
dest: "/etc/snmp/pi-hole"
mode: '755'
when: pihole.stat.exists
- name: download script for extend raspberrypi
ansible.builtin.get_url:
url: "https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/raspberry.sh"
dest: "/etc/snmp/raspberry.sh"
mode: '755'
when: ansible_os_family == "Debian" and ansible_lsb.id == 'Raspbian'
- name: add api key to pihole script for pihole01
ansible.builtin.lineinfile:
path: "/etc/snmp/pi-hole"
regexp: '^API_AUTH_KEY='
line: 'API_AUTH_KEY="{{ pihole01_key }}"'
backrefs: yes
when: ansible_hostname == "pihole01"
- name: add api key to pihole script for pihole02
ansible.builtin.lineinfile:
path: "/etc/snmp/pi-hole"
regexp: '^API_AUTH_KEY='
line: 'API_AUTH_KEY="{{ pihole02_key }}"'
backrefs: yes
when: ansible_hostname == "pihole02"
- name: set ExecStart options in service file - ubuntu
ansible.builtin.lineinfile:
path: "/lib/systemd/system/snmpd.service"
regexp: '^ExecStart='
line: "ExecStart=/usr/sbin/snmpd -LS4d -Lf /dev/null -u Debian-snmp -g Debian-snmp -I -smux,mteTrigger,mteTriggerConf -f"
backrefs: yes
when: ansible_os_family == "Debian"
notify: reload systemd configs
- name: set snmpdopts - centos
ansible.builtin.lineinfile:
path: "/etc/sysconfig/snmpd"
regexp: '^# OPTIONS=|^OPTIONS='
line: 'OPTIONS="-LS4-6d"'
when: ansible_distribution_file_variety == "RedHat"
- name: copy snmpd.conf from template
register: snmpd_config
ansible.builtin.template:
src: snmpd.conf.j2
dest: "/etc/snmp/snmpd.conf"
owner: root
group: root
mode: '0644'
notify:
- enable and restart snmpd.service
- name: add host to librenms
# when: snmpd_config.changed
block:
- name: Try adding by hostname
command:
cmd: "/usr/bin/lnms device:add --v2c -c {{ snmp_community }} {{ inventory_hostname }}"
become: yes
become_user: librenms
delegate_to: nms.lyon
register: lnms_add_by_hostname
rescue:
- name: Add by IP when hostname fails
command:
cmd: "/opt/librenms/snmp-scan.py -v -r {{ ansible_default_ipv4.address }}/32"
become: yes
become_user: librenms
delegate_to: nms.lyon
register: lnms_add_by_ip
- name: check librenms add by hostname status
when: lnms_add_by_hostname.changed
ansible.builtin.debug:
msg: "{{ lnms_add_by_hostname.stdout }}"
- name: check librenms add by ip status
when: lnms_add_by_ip.changed
ansible.builtin.debug:
msg: "{{ lnms_add_by_ip.stdout }}"
- name: copy sudoers from template
ansible.builtin.template:
src: sudoers.j2
dest: "/etc/sudoers.d/80-snmp"
owner: root
group: root
mode: '0440'
- name: copy rsyslog config from template
ansible.builtin.template:
src: rsyslog.conf.j2
dest: "/etc/rsyslog.d/librenms.conf"
owner: root
group: root
mode: '0644'
notify:
- enable and restart the rsyslog service
- restart syslog-ng for LibreNMS
- name: verify the rsyslog service is running
ansible.builtin.systemd:
state: started
name: rsyslog
- name: verify the snmpd service is running
ansible.builtin.systemd:
state: started
name: snmpd

5
roles/librenms-client/templates/rsyslog.conf.j2 Normal file
View File

@@ -0,0 +1,5 @@
*.* @{{ librenms_ip }}:514
if $programname == 'snmpd' and $msg contains 'statfs' then {
stop
}

47
roles/librenms-client/templates/snmpd.conf.j2 Normal file
View File

@@ -0,0 +1,47 @@
# Change RANDOMSTRINGGOESHERE to your preferred SNMP community string
com2sec readonly default {{ snmp_community }}
group MyROGroup v2c readonly
view all included .1 80
access MyROGroup "" any noauth exact all none none
syslocation Home
syscontact Ray Lyon <ray@raylyon.net>
agentAddress udp:161,udp6:[::1]:161
rocommunity {{ snmp_community }}
#OS Distribution Detection
extend distro /usr/bin/distro
#OS Updates
extend osupdate /etc/snmp/osupdate
#Hardware Detection
{% if ansible_architecture == "x86_64" %}
extend manufacturer '/bin/cat /sys/devices/virtual/dmi/id/sys_vendor'
extend hardware '/bin/cat /sys/devices/virtual/dmi/id/product_name'
extend serial '/bin/cat /sys/devices/virtual/dmi/id/product_serial'
{% endif %}
{% if ansible_architecture == "armv6l" %}
extend hardware '/bin/cat /sys/firmware/devicetree/base/model'
extend serial '/bin/cat /sys/firmware/devicetree/base/serial-number'
{% endif %}
#Extended scripts
{% if "nfs-kernel-server" in ansible_facts.services %}
extend nfs-server /bin/cat /proc/net/rpc/nfsd
{% endif %}
{% if "zfs-zed" in ansible_facts.packages %}
extend zfs '/usr/bin/sudo /etc/snmp/zfs-linux'
{% endif %}
{% if "docker" in ansible_facts.services %}
extend docker /usr/bin/sudo /etc/snmp/docker-stats.sh
{% endif %}
{% if pihole.stat.exists %}
extend pi-hole /etc/snmp/pi-hole
{% endif %}
{% if ansible_os_family == "Debian" and ansible_lsb.id == 'Raspbian' %}
extend raspberry /usr/bin/sudo /bin/sh /etc/snmp/raspberry.sh
{% endif %}

9
roles/librenms-client/templates/sudoers.j2 Normal file
View File

@@ -0,0 +1,9 @@
{% if "zfs-zed" in ansible_facts.packages %}
Debian-snmp ALL=(ALL) NOPASSWD: /etc/snmp/zfs-linux
{% endif %}
{% if "docker" in ansible_facts.services %}
Debian-snmp ALL=(ALL) NOPASSWD: /etc/snmp/docker-stats.sh
{% endif %}
{% if pihole.stat.exists %}
Debian-snmp ALL=(ALL) NOPASSWD: /bin/sh /etc/snmp/raspberry.sh
{% endif %}