-rw-r--r--manifests/tozt.pp1
-rwxr-xr-xmodules/certbot/files/bootstrap-certbot4
-rw-r--r--modules/mail/manifests/monitoring.pp22
-rw-r--r--modules/partofme/manifests/monitoring.pp22
-rw-r--r--modules/tick/files/chronograf2
-rw-r--r--modules/tick/files/influxdb.conf8
-rw-r--r--modules/tick/manifests/client.pp24
-rw-r--r--modules/tick/manifests/client/plugin.pp9
-rw-r--r--modules/tick/manifests/server.pp5
-rw-r--r--modules/tick/manifests/server/chronograf.pp23
-rw-r--r--modules/tick/manifests/server/influxdb.pp27
-rw-r--r--modules/tick/manifests/server/kapacitor.pp25
-rw-r--r--modules/tick/templates/kapacitor.conf34
-rw-r--r--modules/tick/templates/plugin.conf4
-rw-r--r--modules/tick/templates/telegraf.conf16
-rw-r--r--modules/tozt/files/nginx/chronograf-tls.conf16
-rw-r--r--modules/tozt/files/nginx/chronograf.conf10
-rw-r--r--modules/tozt/files/nginx/influxdb-tls.conf16
-rw-r--r--modules/tozt/files/nginx/influxdb.conf10
-rw-r--r--modules/tozt/manifests/monitoring.pp22
-rw-r--r--modules/tozt/manifests/tick.pp25
21 files changed, 323 insertions, 2 deletions
diff --git a/manifests/tozt.pp b/manifests/tozt.pp
index 026044c..cb000f8 100644
--- a/manifests/tozt.pp
+++ b/manifests/tozt.pp
@@ -23,5 +23,6 @@ node 'tozt', 'tozt.localdomain' {
include tozt::services
include tozt::site
include tozt::teleterm
+ include tozt::tick
include tozt::ttrss
}
diff --git a/modules/certbot/files/bootstrap-certbot b/modules/certbot/files/bootstrap-certbot
index 9810791..f0b43f4 100755
--- a/modules/certbot/files/bootstrap-certbot
+++ b/modules/certbot/files/bootstrap-certbot
@@ -91,7 +91,7 @@ if [ -z "$is_running" ]; then
fi
if [ -z "$config_dir" ]; then
- /usr/bin/certbot -n --agree-tos -m doy@tozt.net --nginx -d tozt.net -d blog.tozt.net -d paste.tozt.net -d git.tozt.net -d rss.tozt.net -d munin.tozt.net -d metabase.tozt.net -d rc-teleterm.tozt.net -d bitwarden.tozt.net -d gitea.tozt.net
+ /usr/bin/certbot -n --agree-tos -m doy@tozt.net --nginx -d tozt.net -d blog.tozt.net -d paste.tozt.net -d git.tozt.net -d rss.tozt.net -d munin.tozt.net -d metabase.tozt.net -d rc-teleterm.tozt.net -d bitwarden.tozt.net -d gitea.tozt.net -d influxdb.tozt.net -d chronograf.tozt.net
else
- /usr/bin/certbot -n --agree-tos -m doy@tozt.net --nginx -d tozt.net -d blog.tozt.net -d paste.tozt.net -d git.tozt.net -d rss.tozt.net -d munin.tozt.net -d metabase.tozt.net -d rc-teleterm.tozt.net -d bitwarden.tozt.net -d gitea.tozt.net --config-dir "$config_dir"
+ /usr/bin/certbot -n --agree-tos -m doy@tozt.net --nginx -d tozt.net -d blog.tozt.net -d paste.tozt.net -d git.tozt.net -d rss.tozt.net -d munin.tozt.net -d metabase.tozt.net -d rc-teleterm.tozt.net -d bitwarden.tozt.net -d gitea.tozt.net -d influxdb.tozt.net -d chronograf.tozt.net --config-dir "$config_dir"
fi
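Review bot: The `-d` list is written out twice, once in each branch of the `if [ -z "$config_dir" ]` test, so every new hostname has to be added in two places and the branches can drift apart. Building the list once, e.g. `domains="-d tozt.net … -d chronograf.tozt.net"`, and passing `$domains` to both calls would keep them in step. If this script can run on a host that already holds a certificate for the shorter name list, a non-interactive run presumably also needs `--expand`; that depends on parts of the script outside this hunk. Issuing the certificate publishes the two new hostnames in Certificate Transparency logs, so the nginx basic auth is what actually protects them.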
diff --git a/modules/mail/manifests/monitoring.pp b/modules/mail/manifests/monitoring.pp
index a3c7728..a6c740b 100644
--- a/modules/mail/manifests/monitoring.pp
+++ b/modules/mail/manifests/monitoring.pp
@@ -78,4 +78,26 @@ class mail::monitoring {
'mail_count',
]:
}
+
+ tick::client::plugin {
+ "cpu":
+ opts => {
+ percpu => true,
+ totalcpu => true,
+ collect_cpu_time => false,
+ report_active => false,
+ };
+ "disk":
+ opts => {
+ ignore_fs => ["tmpfs", "devtmpfs", "devfs", "iso9660", "overlay", "aufs", "squashfs"],
+ };
+ [
+ "diskio",
+ "kernel",
+ "mem",
+ "processes",
+ "swap",
+ "system",
+ ]:
+ }
}
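Review bot: This `tick::client::plugin` block is added verbatim to three classes (here, `partofme::monitoring` and `tozt::monitoring`), so any change to the baseline inputs has to be made three times. Moving it into one class, for example `tick::client::base`, and writing `include tick::client::base` in each monitoring class would keep the hosts' Telegraf inputs identical by construction. The enclosing class starts outside the hunk.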
diff --git a/modules/partofme/manifests/monitoring.pp b/modules/partofme/manifests/monitoring.pp
index bb4fe9e..55c17e2 100644
--- a/modules/partofme/manifests/monitoring.pp
+++ b/modules/partofme/manifests/monitoring.pp
@@ -68,4 +68,26 @@ class partofme::monitoring {
'package_updates',
]:
}
+
+ tick::client::plugin {
+ "cpu":
+ opts => {
+ percpu => true,
+ totalcpu => true,
+ collect_cpu_time => false,
+ report_active => false,
+ };
+ "disk":
+ opts => {
+ ignore_fs => ["tmpfs", "devtmpfs", "devfs", "iso9660", "overlay", "aufs", "squashfs"],
+ };
+ [
+ "diskio",
+ "kernel",
+ "mem",
+ "processes",
+ "swap",
+ "system",
+ ]:
+ }
}
diff --git a/modules/tick/files/chronograf b/modules/tick/files/chronograf
new file mode 100644
index 0000000..1baf186
--- /dev/null
+++ b/modules/tick/files/chronograf
@@ -0,0 +1,2 @@
+HOST=127.0.0.1
+BOLT_PATH=/media/persistent/chronograf/chronograf-v1.db
diff --git a/modules/tick/files/influxdb.conf b/modules/tick/files/influxdb.conf
new file mode 100644
index 0000000..fbacf36
--- /dev/null
+++ b/modules/tick/files/influxdb.conf
@@ -0,0 +1,8 @@
+[meta]
+ dir = "/media/persistent/influxdb/meta"
+[data]
+ dir = "/media/persistent/influxdb/data"
+ wal-dir = "/media/persistent/influxdb/wal"
+ series-id-set-cache-size = 100
+[http]
+ bind-address = "127.0.0.1:8086"
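Review bot: The `[http]` section binds to loopback but does not set `auth-enabled`, which is off by default in InfluxDB 1.x. The only credential check is therefore the nginx basic auth in front of it, and any process on the host can read, write or drop data on 127.0.0.1:8086 without credentials. Adding `auth-enabled = true` under `[http]` would close that, at the cost of creating InfluxDB users and giving Kapacitor (`urls = ["http://localhost:8086"]` in kapacitor.conf) and Chronograf credentials. nginx forwards the `Authorization` header by default, so the Telegraf user would presumably need to exist in InfluxDB with the same password; confirm that before enabling.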
diff --git a/modules/tick/manifests/client.pp b/modules/tick/manifests/client.pp
new file mode 100644
index 0000000..a37256b
--- /dev/null
+++ b/modules/tick/manifests/client.pp
@@ -0,0 +1,24 @@
+class tick::client {
+ package::makepkg { 'telegraf-bin':
+ ensure => installed;
+ }
+
+ $influxdb_username = secret::value('influxdb_username')
+ $influxdb_password = secret::value('influxdb_password')
+
+ file {
+ "/etc/telegraf/telegraf.conf":
+ content => template("tick/telegraf.conf"),
+ require => Package::Makepkg['telegraf-bin'],
+ notify => Service['telegraf'];
+ "/etc/telegraf/telegraf.d":
+ ensure => directory,
+ require => Package::Makepkg['telegraf-bin'];
+ }
+
+ service { 'telegraf':
+ ensure => running,
+ enable => true,
+ require => Package::Makepkg['telegraf-bin'];
+ }
+}
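Review bot: `/etc/telegraf/telegraf.conf` is rendered from a template that embeds `influxdb_password`, but its `file` resource sets no `owner`, `group` or `mode`. The permissions are therefore whatever Puppet's defaults and the package leave behind, and Puppet may print the content diff, password included, in agent logs and reports. I would add `mode => '0640', owner => 'root', group => 'telegraf', show_diff => false,` to that resource, assuming the package creates a `telegraf` group. The same applies to `/etc/kapacitor/kapacitor.conf` in `tick::server::kapacitor`, which embeds the SMTP password.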
diff --git a/modules/tick/manifests/client/plugin.pp b/modules/tick/manifests/client/plugin.pp
new file mode 100644
index 0000000..f9c2f83
--- /dev/null
+++ b/modules/tick/manifests/client/plugin.pp
@@ -0,0 +1,9 @@
+define tick::client::plugin($opts = {}) {
+ include tick::client
+
+ file { "/etc/telegraf/telegraf.d/${name}.conf":
+ content => template("tick/plugin.conf"),
+ require => File["/etc/telegraf/telegraf.d"],
+ notify => Service["telegraf"];
+ }
+}
diff --git a/modules/tick/manifests/server.pp b/modules/tick/manifests/server.pp
new file mode 100644
index 0000000..81c54c9
--- /dev/null
+++ b/modules/tick/manifests/server.pp
@@ -0,0 +1,5 @@
+class tick::server {
+ contain tick::server::influxdb
+ contain tick::server::chronograf
+ contain tick::server::kapacitor
+}
diff --git a/modules/tick/manifests/server/chronograf.pp b/modules/tick/manifests/server/chronograf.pp
new file mode 100644
index 0000000..068539e
--- /dev/null
+++ b/modules/tick/manifests/server/chronograf.pp
@@ -0,0 +1,23 @@
+class tick::server::chronograf {
+ package::makepkg { 'chronograf-bin':
+ ensure => installed;
+ }
+
+ file {
+ "/etc/default/chronograf":
+ source => "puppet:///modules/tick/chronograf",
+ require => Package::Makepkg['chronograf-bin'],
+ notify => Service['chronograf'];
+ "/media/persistent/chronograf":
+ ensure => directory,
+ owner => "chronograf",
+ group => "chronograf",
+ require => Package::Makepkg['chronograf-bin'];
+ }
+
+ service { 'chronograf':
+ ensure => running,
+ enable => true,
+ require => Package::Makepkg['chronograf-bin'];
+ }
+}
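Review bot: `Service['chronograf']` requires only the package, so nothing orders `/media/persistent/chronograf` before the service starts, although `BOLT_PATH` points into that directory. `tick::server::influxdb` lists its data directory in the service's `require`; this class and `tick::server::kapacitor` should do the same, e.g. `require => [Package::Makepkg['chronograf-bin'], File['/media/persistent/chronograf']];`. The data directories are also created without a `mode`. Adding `mode => '0750'` would keep the BoltDB files, which can hold data-source credentials, away from other local users.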
diff --git a/modules/tick/manifests/server/influxdb.pp b/modules/tick/manifests/server/influxdb.pp
new file mode 100644
index 0000000..66ba164
--- /dev/null
+++ b/modules/tick/manifests/server/influxdb.pp
@@ -0,0 +1,27 @@
+class tick::server::influxdb {
+ package { 'influxdb':
+ ensure => installed;
+ }
+
+ file {
+ "/etc/influxdb/influxdb.conf":
+ source => "puppet:///modules/tick/influxdb.conf",
+ require => Package['influxdb'],
+ notify => Service['influxdb'];
+ "/media/persistent/influxdb":
+ ensure => directory,
+ owner => "influxdb",
+ group => "influxdb",
+ require => Package['influxdb'];
+ }
+
+ service { 'influxdb':
+ ensure => running,
+ enable => true,
+ require => [
+ Package['influxdb'],
+ File["/etc/influxdb/influxdb.conf"],
+ File["/media/persistent/influxdb"],
+ ];
+ }
+}
diff --git a/modules/tick/manifests/server/kapacitor.pp b/modules/tick/manifests/server/kapacitor.pp
new file mode 100644
index 0000000..c1dfcd7
--- /dev/null
+++ b/modules/tick/manifests/server/kapacitor.pp
@@ -0,0 +1,25 @@
+class tick::server::kapacitor {
+ package::makepkg { 'kapacitor-bin':
+ ensure => installed;
+ }
+
+ $smtp_password = secret::value('kapacitor_smtp_password')
+
+ file {
+ "/etc/kapacitor/kapacitor.conf":
+ content => template('tick/kapacitor.conf'),
+ require => Package::Makepkg['kapacitor-bin'],
+ notify => Service['kapacitor'];
+ "/media/persistent/kapacitor":
+ ensure => directory,
+ owner => "kapacitor",
+ group => "kapacitor",
+ require => Package::Makepkg['kapacitor-bin'];
+ }
+
+ service { 'kapacitor':
+ ensure => running,
+ enable => true,
+ require => Package::Makepkg['kapacitor-bin'];
+ }
+}
diff --git a/modules/tick/templates/kapacitor.conf b/modules/tick/templates/kapacitor.conf
new file mode 100644
index 0000000..4b6a307
--- /dev/null
+++ b/modules/tick/templates/kapacitor.conf
@@ -0,0 +1,34 @@
+hostname = "localhost"
+data_dir = "/media/persistent/kapacitor"
+[http]
+ bind-address = "127.0.0.1:9092"
+[logging]
+ file = "/var/log/kapacitor/kapacitor.log"
+ level = "INFO"
+[load]
+ enabled = true
+ dir = "/etc/kapacitor/load"
+[replay]
+ dir = "/media/persistent/kapacitor/replay"
+[storage]
+ boltdb = "/media/persistent/kapacitor/kapacitor.db"
+[deadman]
+ global = true
+ threshold = 0.0
+ interval = "10s"
+ id = "node 'NODE_NAME' in task '{{ .TaskName }}'"
+ message = "{{ .ID }} is {{ if eq .Level \"OK\" }}alive{{ else }}dead{{ end }}: {{ index .Fields \"collected\" | printf \"%0.3f\" }} points/INTERVAL."
+[[influxdb]]
+ enabled = true
+ default = true
+ name = "localhost"
+ urls = ["http://localhost:8086"]
+[smtp]
+ enabled = true
+ host = "mail.tozt.net"
+ port = 465
+ username = "kapacitor-noreply@tozt.net"
+ password = "<%= @smtp_password %>"
+ from = "kapacitor-noreply@tozt.net"
+ global = true
+ state-changes-only = true
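Review bot: `password = "<%= @smtp_password %>"` puts the secret into a TOML string unescaped, so a password containing a double quote or a backslash yields a broken or differently parsed config. plugin.conf in this commit already serialises values with `JSON.dump`; doing the same here, `password = <%= JSON.dump(@smtp_password) %>`, would escape it. telegraf.conf has the same pattern for `username` and `password`.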
diff --git a/modules/tick/templates/plugin.conf b/modules/tick/templates/plugin.conf
new file mode 100644
index 0000000..38b4525
--- /dev/null
+++ b/modules/tick/templates/plugin.conf
@@ -0,0 +1,4 @@
+[[inputs.<%= @name %>]]
+<%- @opts.each do |k, v| -%>
+<%= k %> = <%= JSON.dump(v) %>
+<%- end -%>
diff --git a/modules/tick/templates/telegraf.conf b/modules/tick/templates/telegraf.conf
new file mode 100644
index 0000000..ba307bd
--- /dev/null
+++ b/modules/tick/templates/telegraf.conf
@@ -0,0 +1,16 @@
+[global_tags]
+[agent]
+ interval = "10s"
+ round_interval = true
+ metric_batch_size = 1000
+ metric_buffer_limit = 10000
+ collection_jitter = "0s"
+ flush_interval = "10s"
+ flush_jitter = "0s"
+ precision = ""
+ hostname = ""
+ omit_hostname = false
+[[outputs.influxdb]]
+ urls = ["https://influxdb.tozt.net"]
+ username = "<%= @influxdb_username %>"
+ password = "<%= @influxdb_password %>"
diff --git a/modules/tozt/files/nginx/chronograf-tls.conf b/modules/tozt/files/nginx/chronograf-tls.conf
new file mode 100644
index 0000000..b6f838e
--- /dev/null
+++ b/modules/tozt/files/nginx/chronograf-tls.conf
@@ -0,0 +1,16 @@
+server {
+ listen 443;
+ server_name chronograf.tozt.net;
+
+ access_log /var/log/nginx/chronograf.access.log;
+ error_log /var/log/nginx/chronograf.error.log;
+
+ include ssl;
+
+ location / {
+ proxy_pass http://127.0.0.1:8888/;
+ auth_basic "chronograf";
+ auth_basic_user_file "/media/persistent/chronograf.htpasswd";
+ }
+}
+# vim:ft=nginx
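Review bot: `listen 443;` has no `ssl` parameter, so whether this vhost speaks TLS at all depends on the `include ssl;` file, which is not part of this diff. The Chronograf basic-auth password crosses this listener. If that include relies on the `ssl on;` directive, note that newer nginx releases have removed it; `listen 443 ssl;` states the intent in the vhost itself. influxdb-tls.conf uses the same `listen` line.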
diff --git a/modules/tozt/files/nginx/chronograf.conf b/modules/tozt/files/nginx/chronograf.conf
new file mode 100644
index 0000000..9011fd6
--- /dev/null
+++ b/modules/tozt/files/nginx/chronograf.conf
@@ -0,0 +1,10 @@
+server {
+ listen 80;
+ server_name chronograf.tozt.net;
+
+ access_log /var/log/nginx/chronograf.access.log;
+ error_log /var/log/nginx/chronograf.error.log;
+
+ rewrite ^(.*) https://$host$1 permanent;
+}
+# vim:ft=nginx
diff --git a/modules/tozt/files/nginx/influxdb-tls.conf b/modules/tozt/files/nginx/influxdb-tls.conf
new file mode 100644
index 0000000..5b06d34
--- /dev/null
+++ b/modules/tozt/files/nginx/influxdb-tls.conf
@@ -0,0 +1,16 @@
+server {
+ listen 443;
+ server_name influxdb.tozt.net;
+
+ access_log /var/log/nginx/influxdb.access.log;
+ error_log /var/log/nginx/influxdb.error.log;
+
+ include ssl;
+
+ location / {
+ proxy_pass http://127.0.0.1:8086/;
+ auth_basic "influxdb";
+ auth_basic_user_file "/media/persistent/influxdb.htpasswd";
+ }
+}
+# vim:ft=nginx
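Review bot: `location /` proxies the whole InfluxDB HTTP API, so the credentials shipped to every Telegraf host in telegraf.conf can also run queries and administrative statements, not only submit points. Telegraf's output mainly needs `/write`; it uses `/query` to create its database at start-up, which `skip_database_creation = true` in `[[outputs.influxdb]]` avoids. Limiting the proxied path, e.g. `location /write { … }`, would shrink what a leaked agent password allows. Kapacitor uses `http://localhost:8086` per kapacitor.conf and would not be affected; Chronograf's data source is not visible in this diff and should be checked.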
diff --git a/modules/tozt/files/nginx/influxdb.conf b/modules/tozt/files/nginx/influxdb.conf
new file mode 100644
index 0000000..744e2fd
--- /dev/null
+++ b/modules/tozt/files/nginx/influxdb.conf
@@ -0,0 +1,10 @@
+server {
+ listen 80;
+ server_name influxdb.tozt.net;
+
+ access_log /var/log/nginx/influxdb.access.log;
+ error_log /var/log/nginx/influxdb.error.log;
+
+ rewrite ^(.*) https://$host$1 permanent;
+}
+# vim:ft=nginx
diff --git a/modules/tozt/manifests/monitoring.pp b/modules/tozt/manifests/monitoring.pp
index d6a4af3..40a1e82 100644
--- a/modules/tozt/manifests/monitoring.pp
+++ b/modules/tozt/manifests/monitoring.pp
@@ -80,4 +80,26 @@ class tozt::monitoring {
'certbot',
]:
}
+
+ tick::client::plugin {
+ "cpu":
+ opts => {
+ percpu => true,
+ totalcpu => true,
+ collect_cpu_time => false,
+ report_active => false,
+ };
+ "disk":
+ opts => {
+ ignore_fs => ["tmpfs", "devtmpfs", "devfs", "iso9660", "overlay", "aufs", "squashfs"],
+ };
+ [
+ "diskio",
+ "kernel",
+ "mem",
+ "processes",
+ "swap",
+ "system",
+ ]:
+ }
}
diff --git a/modules/tozt/manifests/tick.pp b/modules/tozt/manifests/tick.pp
new file mode 100644
index 0000000..cc21c55
--- /dev/null
+++ b/modules/tozt/manifests/tick.pp
@@ -0,0 +1,25 @@
+class tozt::tick {
+ include tick::server
+
+ secret {
+ "/media/persistent/influxdb.htpasswd":
+ source => 'influxdb_htpasswd',
+ owner => 'http';
+ "/media/persistent/chronograf.htpasswd":
+ source => 'chronograf_htpasswd',
+ owner => 'http';
+ }
+
+ nginx::site {
+ "influxdb-tls":
+ source => 'puppet:///modules/tozt/nginx/influxdb-tls.conf',
+ require => Class['certbot'];
+ "influxdb":
+ source => 'puppet:///modules/tozt/nginx/influxdb.conf';
+ "chronograf-tls":
+ source => 'puppet:///modules/tozt/nginx/chronograf-tls.conf',
+ require => Class['certbot'];
+ "chronograf":
+ source => 'puppet:///modules/tozt/nginx/chronograf.conf';
+ }
+}