Commit ec1332476d5c5fb2ea22e10f198474005c80a043
1 parent
f38cf00c
Exists in
master
and in
85 other branches
Monitoring support with munin
- all servers have munin-node installed - unless an external munin master is specified, munin master will be installed to reverseproxy - munin master for production will be managed separately
Showing
10 changed files
with
139 additions
and
1 deletions
Show diff stats
Rakefile
| ... | ... | @@ -58,6 +58,12 @@ $nodes.each do |node| |
| 58 | 58 | node.data['firewall'] = firewall |
| 59 | 59 | end |
| 60 | 60 | |
| 61 | +# In the absence of a dedicated munin master, reverseproxy will do that. | |
| 62 | +if !config['munin_master'] | |
| 63 | + config['munin_master'] = ips['reverseproxy'] | |
| 64 | + $nodes.find { |node| node.hostname == 'reverseproxy' }.data['run_list'] << 'role[monitoring_server]' | |
| 65 | +end | |
| 66 | + | |
| 61 | 67 | task :console do |
| 62 | 68 | require 'pry' |
| 63 | 69 | binding.pry | ... | ... |
config/prod/config.yaml
| ... | ... | @@ -17,3 +17,4 @@ external_outgoing_mail_relay: 189.9.150.53 |
| 17 | 17 | external_outgoing_mail_domain: serpro.gov.br |
| 18 | 18 | raven_dsn: https://4418146896924efe9b73d557f803f047:8a59f39b5f584ff589ecf3dd47faaead@sentry.tracy.com.br/13 |
| 19 | 19 | google_analytics_id: 'UA-64206731-1' |
| 20 | +munin_master: 10.21.0.10 | ... | ... |
cookbooks/firewall/templates/default/iptables.erb
| ... | ... | @@ -16,11 +16,19 @@ |
| 16 | 16 | -A INPUT -p icmp --icmp-type 11 -j ACCEPT |
| 17 | 17 | -A INPUT -p icmp --icmp-type 12 -j ACCEPT |
| 18 | 18 | |
| 19 | +# allow ping between the peers | |
| 20 | +<% node['peers'].each do |hostname,ip| %> | |
| 21 | +-A INPUT -s <%= ip %> -p icmp --icmp-type 8 -j ACCEPT | |
| 22 | +<% end %> | |
| 23 | + | |
| 19 | 24 | -A INPUT -i lo -j ACCEPT |
| 20 | 25 | |
| 21 | 26 | # Everybody need to accept SSH from integration |
| 22 | 27 | -A INPUT -s <%= node['peers']['integration'] %> -p tcp -m state --state NEW --dport 22 -j ACCEPT |
| 23 | 28 | |
| 29 | +# Everybody needs to accept munin connections from munin master | |
| 30 | +-A INPUT -s <%= node['config']['munin_master'] %> -p tcp -m state --state NEW --dport 4949 -j ACCEPT | |
| 31 | + | |
| 24 | 32 | <%= node['firewall'] %> |
| 25 | 33 | <%= render 'iptables-filter.erb' %> |
| 26 | 34 | ... | ... |
| ... | ... | @@ -0,0 +1,12 @@ |
| 1 | +location /munin/static/ { | |
| 2 | + alias /var/www/html/munin/static/; | |
| 3 | + expires modified +1w; | |
| 4 | +} | |
| 5 | +location /munin/ { | |
| 6 | + # auth_basic "Restricted"; | |
| 7 | + # # Create the htpasswd file with the htpasswd tool. | |
| 8 | + # auth_basic_user_file /etc/nginx/munin_htpasswd; | |
| 9 | + | |
| 10 | + alias /var/www/html/munin/; | |
| 11 | + expires modified +310s; | |
| 12 | +} | ... | ... |
| ... | ... | @@ -0,0 +1,60 @@ |
| 1 | +#!/bin/sh | |
| 2 | +# | |
| 3 | +# Copyright (c) 2009 Sven-Hendrik Haase | |
| 4 | +# Copyright (C) 2004 Jimmy Olsen | |
| 5 | +# | |
| 6 | +# This program is free software; you can redistribute it and/or | |
| 7 | +# modify it under the terms of the GNU General Public License | |
| 8 | +# as published by the Free Software Foundation; version 2 dated June, | |
| 9 | +# 1991. | |
| 10 | +# | |
| 11 | +# This program is distributed in the hope that it will be useful, | |
| 12 | +# but WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 13 | +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
| 14 | +# GNU General Public License for more details. | |
| 15 | +# | |
| 16 | +# You should have received a copy of the GNU General Public License | |
| 17 | +# along with this program; if not, write to the Free Software | |
| 18 | +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | |
| 19 | +# | |
| 20 | +# | |
| 21 | +# Plugin to monitor packet loss | |
| 22 | +# | |
| 23 | +# Please note that sometimes it can take quite long for the plugin to return | |
| 24 | +# a value on a network with lots of packet loss. | |
| 25 | +# You therefore need to account for it by appending the following to your | |
| 26 | +# plugin-conf.d/munin-node. Remember to restart munin-node afterwards. | |
| 27 | +# Append the next 3 lines to plugin-conf.d/munin-node: | |
| 28 | +# [packetloss_*] | |
| 29 | +# timeout 60 | |
| 30 | +# user root | |
| 31 | +# | |
| 32 | +# Parameters: | |
| 33 | +# | |
| 34 | +# ping_args - Arguments to ping (default "-c 2") | |
| 35 | +# ping_args2 - Arguments after the host name (required for Solaris) | |
| 36 | +# ping - Ping program to use | |
| 37 | +# host - Host to ping | |
| 38 | +# | |
| 39 | +# Arguments for Solaris: | |
| 40 | +# ping_args -s | |
| 41 | +# ping_args2 56 2 | |
| 42 | +# | |
| 43 | +#%# family=manual | |
| 44 | + | |
| 45 | +file_host=`basename $0 | sed 's/^packetloss_//g'` | |
| 46 | +host=${host:-${file_host:-www.google.com}} | |
| 47 | + | |
| 48 | +if [ "$1" = "config" ]; then | |
| 49 | + echo "graph_title Packet loss to $host (in %)" | |
| 50 | + echo 'graph_args --upper-limit 100 -l 0' | |
| 51 | + echo 'graph_vlabel %' | |
| 52 | + echo 'graph_category network' | |
| 53 | + echo 'graph_info This graph shows packet loss statistics.' | |
| 54 | + echo "packetloss.label $host" | |
| 55 | + echo "packetloss.info Packet loss statistics for $host." | |
| 56 | + echo 'packetloss.draw LINE2' | |
| 57 | + exit 0 | |
| 58 | +fi | |
| 59 | + | |
| 60 | +${ping:-ping} ${ping_args:-'-c 10'} ${host} ${ping_args2} | perl -n -e 'print "packetloss.value $1\n" if /(\d+)% packet loss/;' | ... | ... |
| ... | ... | @@ -0,0 +1,12 @@ |
| 1 | +package 'munin' | |
| 2 | + | |
| 3 | +template '/etc/munin/conf.d/hosts.conf' | |
| 4 | + | |
| 5 | +package 'nginx' | |
| 6 | +service 'nginx' do | |
| 7 | + supports :reload => true | |
| 8 | +end | |
| 9 | +cookbook_file '/etc/nginx/default.d/munin.conf' do | |
| 10 | + source 'nginx.conf' | |
| 11 | + notifies :reload, 'service[nginx]' | |
| 12 | +end | ... | ... |
| ... | ... | @@ -0,0 +1,32 @@ |
| 1 | +package 'munin-node' | |
| 2 | + | |
| 3 | +service 'munin-node' do | |
| 4 | + action [:enable, :start] | |
| 5 | +end | |
| 6 | + | |
| 7 | +directory '/usr/local/share/munin/plugins' do | |
| 8 | + recursive true | |
| 9 | +end | |
| 10 | +cookbook_file '/usr/local/share/munin/plugins/packetloss' do | |
| 11 | + mode 0755 | |
| 12 | +end | |
| 13 | + | |
| 14 | +node['peers'].each do |hostname,ip| | |
| 15 | + link '/etc/munin/plugins/packetloss_' + hostname do | |
| 16 | + to '/usr/local/share/munin/plugins/packetloss' | |
| 17 | + end | |
| 18 | +end | |
| 19 | + | |
| 20 | +bash "allow connections from munin master" do | |
| 21 | + ip = node['config']['munin_master'] | |
| 22 | + code "echo 'cidr_allow #{ip}/32' >> /etc/munin/munin-node.conf" | |
| 23 | + not_if "grep 'cidr_allow #{ip}/32' /etc/munin/munin-node.conf" | |
| 24 | + notifies :restart, 'service[munin-node]' | |
| 25 | +end | |
| 26 | + | |
| 27 | +bash "set munin-node hostname" do | |
| 28 | + hostname = node['fqdn'] | |
| 29 | + code "sed -i -e '/^host_name\s*localhost/d; $a host_name #{hostname}' /etc/munin/munin-node.conf" | |
| 30 | + not_if "grep 'host_name #{hostname}' /etc/munin/munin-node.conf" | |
| 31 | + notifies :restart, 'service[munin-node]' | |
| 32 | +end | ... | ... |
roles/server.rb