"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
-<!-- 2024-05-08 Wed 14:38 -->
+<!-- 2024-09-03 Tue 08:46 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>Birchwood Abbey Networks</title>
philosophy, attitude.
</p>
-<pre class="example" id="org6cd3100">
+<pre class="example" id="org666ada7">
|
=
_|||_
<div class="outline-text-2" id="text-2">
<p>
The abbey's public particulars are included below. They are the
-public particulars of a small institute, nothing more. As for the
-abbey's private parameters, in <q>private/vars-abbey.yml</q>, example lines
-(only! ;-) are included in the following chapters. An example of the
-abbey's private institutional parameters, <q>private/vars.yml</q>, can be
-found in <a href="Institute/private/vars.yml"><q>Institute/private/vars.yml</q></a>.
+public particulars of a small institute, nothing more.
</p>
<div class="org-src-container">
front_addr: 159.65.75.60
</pre>
</div>
+
+<p>
+The abbey's private institutional parameters are in
+<q>private/vars.yml</q>. Example lines can be found in
+<a href="Institute/private/vars.yml"><q>Institute/private/vars.yml</q></a>.
+</p>
+
+<p>
+The abbey's private liturgical parameters are in
+<q>private/vars-abbey.yml</q>. Example lines are included here and tangled
+into <a href="private_ex/vars-abbey.yml"><q>private_ex/vars-abbey.yml</q></a>.
+</p>
</div>
</div>
<div id="outline-container-orgf21aecc" class="outline-2">
Dovecot-IMAPd, and hosting a VPN with OpenVPN.
</p>
</div>
-<div id="outline-container-org5fad937" class="outline-3">
-<h3 id="org5fad937"><span class="section-number-3">3.1.</span> Install Emacs</h3>
+<div id="outline-container-orgbdc000c" class="outline-3">
+<h3 id="orgbdc000c"><span class="section-number-3">3.1.</span> Install Emacs</h3>
<div class="outline-text-3" id="text-3-1">
<p>
The monks of the abbey are masters of the staff (bo) and Emacs.
<<apache-gitweb>>
IncludeOptional /etc/letsencrypt/options-ssl-apache.conf
- dest: /etc/apache2/sites-available/{{ domain_name }}-vhost.conf
+ dest: /etc/apache2/sites-available/birchwood-abbey.net-vhost.conf
notify: Restart Apache2.
<<apache-gitweb-tasks>>
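Review bot: the dest: path here now hard-codes birchwood-abbey.net where it used {{ domain_name }}, and the later apt proxy and postfix_mydestination lines do the same with birchwood.private in place of {{ domain_priv }}. If those variables are still defined and used elsewhere, the literals and the variables can drift apart. Either keep the variables or say in the commit message that the abbey roles deliberately use literals.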
entered as shown below).
</p>
-<pre class="example" id="org251b0c7">
+<pre class="example" id="org39bc164">
$ sudo apt install python3-certbot-apache
$ sudo certbot --apache -d birchwood-abbey.net
...
NTP, DNS and DHCP.
</p>
</div>
-<div id="outline-container-org51ebdb0" class="outline-3">
-<h3 id="org51ebdb0"><span class="section-number-3">4.1.</span> Include Abbey Variables</h3>
+<div id="outline-container-orgf7f2984" class="outline-3">
+<h3 id="orgf7f2984"><span class="section-number-3">4.1.</span> Include Abbey Variables</h3>
<div class="outline-text-3" id="text-4-1">
<p>
In this abbey specific document, most abbey particulars are not
</div>
</div>
</div>
-<div id="outline-container-orga2bd985" class="outline-3">
-<h3 id="orga2bd985"><span class="section-number-3">4.8.</span> Use Cloister Apt Cache</h3>
+<div id="outline-container-org1a716c3" class="outline-3">
+<h3 id="org1a716c3"><span class="section-number-3">4.8.</span> Use Cloister Apt Cache</h3>
<div class="outline-text-3" id="text-4-8">
<p>
Core itself will benefit from using the package cache.
copy:
content: >
Acquire::http::Proxy
- <span class="org-string">"http://apt-cacher.{{ domain_priv }}.:3142"</span>;
+ <span class="org-string">"http://apt-cacher.birchwood.private.:3142"</span>;
dest: /etc/apt/apt.conf.d/01proxy
<span class="org-variable-name">mode: u</span>=rw,g=r,o=r
</pre>
<h3 id="org362dff5"><span class="section-number-3">4.12.</span> Monitoring The Cloister</h3>
<div class="outline-text-3" id="text-4-12">
<p>
-The abbey adds monitoring for more servers: Kamino, Kessel and
-Devaron. They are <code>abbey-cloister</code> servers, so they are configured as
+The abbey adds monitoring for more servers: Kamino, Kessel, and Ord
+Mantell. They are <code>abbey-cloister</code> servers, so they are configured as
small institute <code>campus</code> servers, like Gate, with an NRPE (a NAGIOS
Remote Plugin Executor) server and an <code>inst_sensors</code> command.
</p>
The configurations for the servers are very similar to Gate's, but are
idiosyncratically in flux. In particular, Kamino does not irritate
<code>check_total_procs</code>, yet Kessel does. Both are Pop!_OS 22.04, but
-Kessel is a wireless host while Kamino is wired. Devaron, the
+Kessel is a wireless host while Kamino is wired. Ord Mantell, the
Raspberry Pi OS (ARM64) machine, uses the <code>abbey_pisensors</code> monitor.
</p>
</div>
</p>
<div class="org-src-container">
-<a href="private/vars-abbey.yml"><q>private/vars-abbey.yml</q></a><pre class="src src-conf">devaron_addr: 10.84.138.10
+<a href="private_ex/vars-abbey.yml"><q>private_ex/vars-abbey.yml</q></a><pre class="src src-conf">---
kamino_addr: 192.168.56.14
kessel_addr: 10.84.138.8
+ord_mantell_addr: 10.84.138.10
</pre>
</div>
</div>
template:
src: nagios-{{ item }}.cfg
dest: /etc/nagios4/conf.d/{{ item }}.cfg
- loop: [ devaron, kessel ]
+ loop: [ ord-mantell, kessel ]
notify: Reload NAGIOS4.
</pre>
</div>
</div>
</div>
-<div id="outline-container-org2e4fb52" class="outline-4">
-<h4 id="org2e4fb52"><span class="section-number-4">4.12.3.</span> NAGIOS Monitoring of Devaron</h4>
+<div id="outline-container-org50c82d2" class="outline-4">
+<h4 id="org50c82d2"><span class="section-number-4">4.12.3.</span> NAGIOS Monitoring of Ord-Mantell</h4>
<div class="outline-text-4" id="text-4-12-3">
<div class="org-src-container">
-<a href="roles_t/abbey-core/templates/nagios-devaron.cfg"><q>roles_t/abbey-core/templates/nagios-devaron.cfg</q></a><pre class="src src-conf"><span class="org-type">define host</span> {
+<a href="roles_t/abbey-core/templates/nagios-ord-mantell.cfg"><q>roles_t/abbey-core/templates/nagios-ord-mantell.cfg</q></a><pre class="src src-conf"><span class="org-type">define host</span> {
use linux-server
- host_name devaron
- address {{ devaron_addr }}
+ host_name ord-mantell
+ address {{ ord_mantell_addr }}
}
<span class="org-type">define service</span> {
use generic-service
- host_name devaron
+ host_name ord-mantell
service_description Root Partition
check_command check_nrpe!inst_root
}
<span class="org-comment-delimiter"># </span><span class="org-comment">define service {</span>
<span class="org-comment-delimiter"># </span><span class="org-comment">use generic-service</span>
-<span class="org-comment-delimiter"># </span><span class="org-comment">host_name devaron</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">host_name ord-mantell</span>
<span class="org-comment-delimiter"># </span><span class="org-comment">service_description Current Load</span>
<span class="org-comment-delimiter"># </span><span class="org-comment">check_command check_nrpe!check_load</span>
<span class="org-comment-delimiter"># </span><span class="org-comment">}</span>
<span class="org-type">define service</span> {
use generic-service
- host_name devaron
+ host_name ord-mantell
service_description Zombie Processes
check_command check_nrpe!check_zombie_procs
}
<span class="org-comment-delimiter"># </span><span class="org-comment">define service {</span>
<span class="org-comment-delimiter"># </span><span class="org-comment">use generic-service</span>
-<span class="org-comment-delimiter"># </span><span class="org-comment">host_name devaron</span>
+<span class="org-comment-delimiter"># </span><span class="org-comment">host_name ord-mantell</span>
<span class="org-comment-delimiter"># </span><span class="org-comment">service_description Total Processes</span>
<span class="org-comment-delimiter"># </span><span class="org-comment">check_command check_nrpe!check_total_procs</span>
<span class="org-comment-delimiter"># </span><span class="org-comment">}</span>
<span class="org-type">define service</span> {
use generic-service
- host_name devaron
+ host_name ord-mantell
service_description Swap Usage
check_command check_nrpe!inst_swap
}
<span class="org-type">define service</span> {
use generic-service
- host_name devaron
+ host_name ord-mantell
service_description Temperature Sensors
check_command check_nrpe!abbey_pisensors
}
</div>
</div>
</div>
-<div id="outline-container-orga9351cb" class="outline-3">
-<h3 id="orga9351cb"><span class="section-number-3">4.13.</span> Install Analog</h3>
+<div id="outline-container-org6e1d8e8" class="outline-3">
+<h3 id="org6e1d8e8"><span class="section-number-3">4.13.</span> Install Munin</h3>
<div class="outline-text-3" id="text-4-13">
<p>
+The abbey is experimenting with Munin. NAGIOS is all about notifying
+the Sys. Admin. of failed services. Munin is more about tracking
+trends in resource usage.
+</p>
+
+<div class="org-src-container">
+<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf">
+- name: Install Munin.
+ become: yes
+ apt:
+ pkg: munin
+
+- name: Add {{ ansible_user }} to Munin group.
+ become: yes
+ user:
+ name: <span class="org-string">"{{ ansible_user }}"</span>
+ append: yes
+ groups: munin
+
+- name: Enable network access to Munin.
+ become: yes
+ lineinfile:
+ path: /etc/munin/apache24.conf
+ regexp: <span class="org-string">'([^#]*)Require'</span>
+ line: <span class="org-string">'\1Require all granted'</span>
+ backrefs: yes
+ notify: Restart Apache2.
+
+- name: Punt default Munin node.
+ become: yes
+ replace:
+ path: /etc/munin/munin.conf
+ regexp: <span class="org-string">'^\[localhost.*\n\n'</span>
+
+- name: Configure actual Munin nodes.
+ become: yes
+ copy:
+ content: |
+ [<span class="org-type">dantooine.birchwood.private</span>]
+ address 127.0.0.1
+
+ [<span class="org-type">anoat.birchwood.private</span>]
+ address {{ gate_addr }}
+
+ [<span class="org-type">kessel.birchwood.private</span>]
+ address {{ kessel_addr }}
+
+ [<span class="org-type">ord-mantell.birchwood.private</span>]
+ address {{ ord_mantell_addr }}
+ dest: /etc/munin/munin-conf.d/zzz-site.cfg
+ notify: Restart Munin.
+</pre>
+</div>
+
+<p>
+The core machine's sensors produce some unfortunate measurements. The
+next task configures <code>libsensors</code> to ignore them.
+</p>
+
+<div class="org-src-container">
+<a href="roles_t/abbey-core/tasks/main.yml"><q>roles_t/abbey-core/tasks/main.yml</q></a><pre class="src src-conf">
+- name: Configure core sensors(1).
+ become: yes
+ copy:
+ content: |
+ chip <span class="org-string">"iwlwifi_1-virtual-0"</span>
+ ignore temp1
+
+ chip <span class="org-string">"acpitz-acpi-0"</span>
+ ignore temp1
+ dest: /etc/sensors.d/site.conf
+</pre>
+</div>
+
+<div class="org-src-container">
+<a href="roles_t/abbey-core/handlers/main.yml"><q>roles_t/abbey-core/handlers/main.yml</q></a><pre class="src src-conf">
+- name: Restart Munin.
+ become: yes
+ systemd:
+ service: munin
+ state: restarted
+</pre>
+</div>
+</div>
+</div>
+<div id="outline-container-orga9351cb" class="outline-3">
+<h3 id="orga9351cb"><span class="section-number-3">4.14.</span> Install Analog</h3>
+<div class="outline-text-3" id="text-4-14">
+<p>
The abbey's public web site's access and error logs are emailed
regularly to <code>webmaster</code>, who saves them in <q>/Logs/apache2-public/</q>
and runs <code>analog</code> to generate <q>/WWW/campus/analog.html</q>, available to
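Review bot: in the "Enable network access to Munin." task, line: '\1Require all granted' lets any client that can reach this Apache read the Munin pages, which list the cloister's host names and resource trends. Consider a Require ip limited to the campus and VPN subnets instead. Also, lineinfile rewrites only the last line matching the regexp, so if /etc/munin/apache24.conf carries more than one Require directive the others keep their old value; the replace module would cover all of them.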
</div>
</div>
<div id="outline-container-org4cc42f5" class="outline-3">
-<h3 id="org4cc42f5"><span class="section-number-3">4.14.</span> Add Monkey to Web Server Group</h3>
-<div class="outline-text-3" id="text-4-14">
+<h3 id="org4cc42f5"><span class="section-number-3">4.15.</span> Add Monkey to Web Server Group</h3>
+<div class="outline-text-3" id="text-4-15">
<p>
Monkey needs to be in <code>www-data</code> so that it can run
<q>/WWW/live/Photos/Private/cronjob</q> to publish photos from multiple
</div>
</div>
<div id="outline-container-orgb69761e" class="outline-3">
-<h3 id="orgb69761e"><span class="section-number-3">4.15.</span> Install netpbm For Photo Processing</h3>
-<div class="outline-text-3" id="text-4-15">
+<h3 id="orgb69761e"><span class="section-number-3">4.16.</span> Install netpbm For Photo Processing</h3>
+<div class="outline-text-3" id="text-4-16">
<p>
Monkey's photo processing scripts use <code>netpbm</code> commands like
<code>jpegtopnm</code>.
</div>
</div>
<div id="outline-container-org9a9dc68" class="outline-3">
-<h3 id="org9a9dc68"><span class="section-number-3">4.16.</span> Configure Weather Updates</h3>
-<div class="outline-text-3" id="text-4-16">
+<h3 id="org9a9dc68"><span class="section-number-3">4.17.</span> Configure Weather Updates</h3>
+<div class="outline-text-3" id="text-4-17">
<p>
Monkey on Core runs <q>/WWW/campus/Weather/Private/cronjob</q> every 5
minutes and <q>cronjob-midnight</q> at midnight.
role configures all campus machines to trust the institute's CA, sync
with the campus time server, and forward email to Core. The
<code>abbey-cloister</code> role additionally configures cloistered machines to
-use the cloister Apt cache, respond to Core's NAGIOS network monitor,
-and to install Emacs. There are also a few OS specific tasks, namely
-configuration required on Raspberry Pi OS machines.
+use the cloister Apt cache, respond to Core's NAGIOS and Munin network
+monitors, and to install Emacs. There are also a few OS specific
+tasks, namely configuration required on Raspberry Pi OS machines.
</p>
<p>
Wireless clients are issued keys for the cloister VPN by the <code>./abbey
-client</code> command. This command includes the institutional process
-described in <a href="Institute/README.html#org0ad53cf">The Client Command</a>. The process handles three types of
-clients: Android, Debian and Campus. The last type never roams, and
-is not associated with a member of the small institute.
+client</code> command which is currently identical to the <code>./inst client</code>
+command (described in <a href="Institute/README.html#org0ad53cf">The Client Command</a>). The wireless, cloistered
+hosts never roam, are not associated with a member, and so are
+"campus" clients, issued keys with commands like this:
</p>
+
+<pre class="example">
+./abbey client campus new-host-name
+</pre>
</div>
-<div id="outline-container-orge45cd0c" class="outline-3">
-<h3 id="orge45cd0c"><span class="section-number-3">6.1.</span> Use Cloister Apt Cache</h3>
+<div id="outline-container-orga5b3bf9" class="outline-3">
+<h3 id="orga5b3bf9"><span class="section-number-3">6.1.</span> Use Cloister Apt Cache</h3>
<div class="outline-text-3" id="text-6-1">
<p>
The Apt-Cacher:TNG program does not work well on the frontier, so is
copy:
content: >
Acquire::http::Proxy
- <span class="org-string">"http://apt-cacher.{{ domain_priv }}.:3142"</span>;
+ <span class="org-string">"http://apt-cacher.birchwood.private.:3142"</span>;
dest: /etc/apt/apt.conf.d/01proxy
<span class="org-variable-name">mode: u</span>=rw,g=r,o=r
</pre>
</div>
</div>
</div>
-<div id="outline-container-org3c54304" class="outline-3">
-<h3 id="org3c54304"><span class="section-number-3">6.3.</span> Install Emacs</h3>
+<div id="outline-container-orgc166594" class="outline-3">
+<h3 id="orgc166594"><span class="section-number-3">6.3.</span> Install Munin Node</h3>
<div class="outline-text-3" id="text-6-3">
<p>
+Each cloistered host is a Munin node.
+</p>
+
+<div class="org-src-container">
+<a href="roles_t/abbey-cloister/tasks/main.yml"><q>roles_t/abbey-cloister/tasks/main.yml</q></a><pre class="src src-conf">
+- name: Install Munin Node.
+ become: yes
+ apt:
+ pkg: munin-node
+
+- name: Add {{ ansible_user }} to Munin group.
+ become: yes
+ user:
+ name: <span class="org-string">"{{ ansible_user }}"</span>
+ append: yes
+ groups: munin
+</pre>
+</div>
+
+<p>
+Again, one of our cloistered hosts has sensors producing unfortunate
+measurements. The next task configures Anoat's <code>libsensors</code> to ignore
+them.
+</p>
+
+<div class="org-src-container">
+<a href="roles_t/abbey-cloister/tasks/main.yml"><q>roles_t/abbey-cloister/tasks/main.yml</q></a><pre class="src src-conf">
+- name: Configure {{ inventory_hostname }} sensors(1).
+ copy:
+ content: |
+ chip <span class="org-string">"iwlwifi_1-virtual-0"</span>
+ ignore temp1
+
+ chip <span class="org-string">"acpitz-acpi-0"</span>
+ ignore temp1
+ dest: /etc/sensors.d/site.conf
+ <span class="org-variable-name">when: inventory_hostname</span> == <span class="org-string">'anoat'</span>
+</pre>
+</div>
+</div>
+</div>
+<div id="outline-container-org5cff3f5" class="outline-3">
+<h3 id="org5cff3f5"><span class="section-number-3">6.4.</span> Install Emacs</h3>
+<div class="outline-text-3" id="text-6-4">
+<p>
The monks of the abbey are masters of the staff and Emacs.
</p>
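Review bot: the "Configure {{ inventory_hostname }} sensors(1)." task writes /etc/sensors.d/site.conf but has no become: yes, unlike the two tasks above it and the matching task in abbey-core, so the copy will fail unless the connection user is root. Separately, nothing in this hunk tells munin-node which address may poll it; the packaged default answers only localhost, so if Core is to collect from these hosts an allow or cidr_allow entry for Core's address is needed, and it should stay that narrow.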
below. A test session is shown below.
</p>
-<pre class="example" id="org68684e4">
+<pre class="example" id="orgd2ab943">
monkey@new$ owdir
...
/26.2153B6000000/
</p>
</div>
</div>
-<div id="outline-container-orgf821b20" class="outline-3">
-<h3 id="orgf821b20"><span class="section-number-3">8.4.</span> Include Abbey Variables</h3>
+<div id="outline-container-org114a404" class="outline-3">
+<h3 id="org114a404"><span class="section-number-3">8.4.</span> Include Abbey Variables</h3>
<div class="outline-text-3" id="text-8-4">
<p>
Private variables in <q>private/vars-abbey.yml</q> are needed, and included
</p>
<div class="org-src-container">
-<a href="private/vars-abbey.yml"><q>private/vars-abbey.yml</q></a><pre class="src src-conf">zoneminder_dbpass: gakJopbikJadsEdd
+<a href="private_ex/vars-abbey.yml"><q>private_ex/vars-abbey.yml</q></a><pre class="src src-conf">zoneminder_dbpass: gakJopbikJadsEdd
</pre>
</div>
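Review bot: zoneminder_dbpass keeps the value gakJopbikJadsEdd while its file moves from private/vars-abbey.yml to private_ex/vars-abbey.yml, which an earlier hunk describes as the tangled example file. If that string was ever the live database password, rotate it and put an obvious placeholder in the example. The same applies to mythtv_dbpass in the hunk below.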
</p>
</div>
</div>
-<div id="outline-container-orgbbd0c82" class="outline-3">
-<h3 id="orgbbd0c82"><span class="section-number-3">9.3.</span> Include Abbey Variables</h3>
+<div id="outline-container-orge3238f6" class="outline-3">
+<h3 id="orge3238f6"><span class="section-number-3">9.3.</span> Include Abbey Variables</h3>
<div class="outline-text-3" id="text-9-3">
<p>
Private variables in <q>private/vars-abbey.yml</q> are needed, as in the
</p>
<div class="org-src-container">
-<a href="private/vars-abbey.yml"><q>private/vars-abbey.yml</q></a><pre class="src src-conf">mythtv_dbpass: daJkibpoJkag
+<a href="private_ex/vars-abbey.yml"><q>private_ex/vars-abbey.yml</q></a><pre class="src src-conf">mythtv_dbpass: daJkibpoJkag
</pre>
</div>
the OTA (over the air) broadcasts.
</p>
-<pre class="example" id="orga364723">
+<pre class="example" id="org82b52c7">
$ tv_grab_zz_sdjson --configure --config-file .mythtv/Mr.Antenna.xml
Cache file for lineups, schedules and programs.
Cache file: [/home/mythtv/.xmltv/tv_grab_zz_sdjson.cache]
ansible_become_password: <span class="org-string">"{{ become_anoat }}"</span>
dantooine:
ansible_become_password: <span class="org-string">"{{ become_dantooine }}"</span>
- <span class="org-comment-delimiter"># </span><span class="org-comment">WebTVs (Desktops)</span>
- devaron:
+ <span class="org-comment-delimiter"># </span><span class="org-comment">Campus</span>
kamino:
ansible_become_password: <span class="org-string">"{{ become_kamino }}"</span>
kessel:
ansible_become_password: <span class="org-string">"{{ become_kessel }}"</span>
+ ord-mantell:
+ ansible_become_password: <span class="org-string">"{{ become_ord_mantell }}"</span>
<span class="org-comment-delimiter"># </span><span class="org-comment">Notebooks</span>
endor:
ansible_become_password: <span class="org-string">"{{ become_endor }}"</span>
ansible_user: matt
ansible_become_password: <span class="org-string">"{{ become_geonosis }}"</span>
postfix_mydestination: >-
- geonosis.{{ domain_priv }}
+ geonosis.birchwood.private
geonosis
geonosis.localdomain
localhost.localdomain
campus:
hosts:
anoat:
- devaron:
kamino:
kessel:
+ ord-mantell:
weather:
hosts:
anoat:
dantooine:
webtvs:
hosts:
- kessel:
- devaron:
kamino:
+ kessel:
+ ord-mantell:
notebooks:
hosts:
endor:
geonosis:
builders:
hosts:
- devaron:
geonosis:
kamino:
</pre>
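Review bot: devaron: is removed from builders with no ord-mantell: added in its place, although ord-mantell replaces devaron in campus and webtvs; please confirm that is intended. The new host entry also depends on {{ become_ord_mantell }}, so that private variable must exist before the next run. The host key is spelled ord-mantell while its variables use ord_mantell, so a short comment would help keep the two spellings straight.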
</p>
<div class="org-src-container">
-=/etc/network/interfaces.d/wifi<pre class="src src-conf">auto wlan0
+<q>/etc/network/interfaces.d/wifi</q><pre class="src src-conf">auto wlan0
iface wlan0 inet dhcp
wpa-ssid <span class="org-string">"Birchwood Abbey"</span>
wpa-psk <span class="org-string">"PASSWORD"</span>
</div>
<div id="postamble" class="status">
<p class="author">Author: Matt Birkholz</p>
-<p class="date">Created: 2024-05-08 Wed 14:38</p>
+<p class="date">Created: 2024-09-03 Tue 08:46</p>
<p class="validation"><a href="https://validator.w3.org/check?uri=referer">Validate</a></p>
</div>
</body>