}
#+END_SRC
+** Install Munin
+
+The abbey is experimenting with Munin. NAGIOS is all about notifying
+the Sys. Admin. of failed services. Munin is more about tracking
+trends in resource usage.
+
+#+CAPTION: [[file:roles_t/abbey-core/tasks/main.yml][=roles_t/abbey-core/tasks/main.yml=]]
+#+BEGIN_SRC conf :tangle roles_t/abbey-core/tasks/main.yml
+
+- name: Install Munin.
+ become: yes
+ apt:
+ pkg: munin
+
+- name: Add {{ ansible_user }} to Munin group.
+ become: yes
+ user:
+ name: "{{ ansible_user }}"
+ append: yes
+ groups: munin
+
+- name: Enable network access to Munin.
+ become: yes
+ lineinfile:
+ path: /etc/munin/apache24.conf
+ regexp: '([^#]*)Require'
+ line: '\1Require all granted'
+ backrefs: yes
+ notify: Restart Apache2.
+
+- name: Punt default Munin node.
+ become: yes
+ replace:
+ path: /etc/munin/munin.conf
+ regexp: '^\[localhost.*\n\n'
+
+- name: Configure actual Munin nodes.
+ become: yes
+ copy:
+ content: |
+ [dantooine.birchwood.private]
+ address 127.0.0.1
+
+ [anoat.birchwood.private]
+ address {{ gate_addr }}
+
+ [kessel.birchwood.private]
+ address {{ kessel_addr }}
+
+ [devaron.birchwood.private]
+ address {{ devaron_addr }}
+ dest: /etc/munin/munin-conf.d/zzz-site.cfg
+ notify: Restart Munin.
+#+END_SRC
+
+The core machine's sensors produce some unfortunate measurements. The
+next task configures ~libsensors~ to ignore them.
+
+#+CAPTION: [[file:roles_t/abbey-core/tasks/main.yml][=roles_t/abbey-core/tasks/main.yml=]]
+#+BEGIN_SRC conf :tangle roles_t/abbey-core/tasks/main.yml
+
+- name: Configure core sensors(1).
+ become: yes
+ copy:
+ content: |
+ chip "iwlwifi_1-virtual-0"
+ ignore temp1
+
+ chip "acpitz-acpi-0"
+ ignore temp1
+ dest: /etc/sensors.d/site.conf
+#+END_SRC
+
+#+CAPTION: [[file:roles_t/abbey-core/handlers/main.yml][=roles_t/abbey-core/handlers/main.yml=]]
+#+BEGIN_SRC conf :tangle roles_t/abbey-core/handlers/main.yml
+
+- name: Restart Munin.
+ become: yes
+ systemd:
+ service: munin
+ state: restarted
+#+END_SRC
+
** Install Analog
The abbey's public web site's access and error logs are emailed
role configures all campus machines to trust the institute's CA, sync
with the campus time server, and forward email to Core. The
~abbey-cloister~ role additionally configures cloistered machines to
-use the cloister Apt cache, respond to Core's NAGIOS network monitor,
-and to install Emacs. There are also a few OS specific tasks, namely
-configuration required on Raspberry Pi OS machines.
+use the cloister Apt cache, respond to Core's NAGIOS and Munin network
+monitors, and to install Emacs. There are also a few OS specific
+tasks, namely configuration required on Raspberry Pi OS machines.
Wireless clients are issued keys for the cloister VPN by the ~./abbey
client~ command which is currently identical to the ~./inst client~
state: reloaded
#+END_SRC
+** Install Munin Node
+
+Each cloistered host is a Munin node.
+
+#+CAPTION: [[file:roles_t/abbey-cloister/tasks/main.yml][=roles_t/abbey-cloister/tasks/main.yml=]]
+#+BEGIN_SRC conf :tangle roles_t/abbey-cloister/tasks/main.yml
+
+- name: Install Munin Node.
+ become: yes
+ apt:
+ pkg: munin-node
+
+- name: Add {{ ansible_user }} to Munin group.
+ become: yes
+ user:
+ name: "{{ ansible_user }}"
+ append: yes
+ groups: munin
+#+END_SRC
+
+Again, one of our cloistered hosts has sensors producing unfortunate
+measurements. The next task configures Anoat's ~libsensors~ to ignore
+them.
+
+#+CAPTION: [[file:roles_t/abbey-cloister/tasks/main.yml][=roles_t/abbey-cloister/tasks/main.yml=]]
+#+BEGIN_SRC conf :tangle roles_t/abbey-cloister/tasks/main.yml
+
+- name: Configure {{ inventory_hostname }} sensors(1).
+ copy:
+ content: |
+ chip "iwlwifi_1-virtual-0"
+ ignore temp1
+
+ chip "acpitz-acpi-0"
+ ignore temp1
+ dest: /etc/sensors.d/site.conf
+ when: inventory_hostname == 'anoat'
+#+END_SRC
+
** Install Emacs
The monks of the abbey are masters of the staff and Emacs.
loop: [ devaron, kessel ]
notify: Reload NAGIOS4.
+- name: Install Munin.
+ become: yes
+ apt:
+ pkg: munin
+
+- name: Add {{ ansible_user }} to Munin group.
+ become: yes
+ user:
+ name: "{{ ansible_user }}"
+ append: yes
+ groups: munin
+
+- name: Enable network access to Munin.
+ become: yes
+ lineinfile:
+ path: /etc/munin/apache24.conf
+ regexp: '([^#]*)Require'
+ line: '\1Require all granted'
+ backrefs: yes
+ notify: Restart Apache2.
+
+- name: Punt default Munin node.
+ become: yes
+ replace:
+ path: /etc/munin/munin.conf
+ regexp: '^\[localhost.*\n\n'
+
+- name: Configure actual Munin nodes.
+ become: yes
+ copy:
+ content: |
+ [dantooine.birchwood.private]
+ address 127.0.0.1
+
+ [anoat.birchwood.private]
+ address {{ gate_addr }}
+
+ [kessel.birchwood.private]
+ address {{ kessel_addr }}
+
+ [devaron.birchwood.private]
+ address {{ devaron_addr }}
+ dest: /etc/munin/munin-conf.d/zzz-site.cfg
+ notify: Restart Munin.
+
+- name: Configure core sensors(1).
+ become: yes
+ copy:
+ content: |
+ chip "iwlwifi_1-virtual-0"
+ ignore temp1
+
+ chip "acpitz-acpi-0"
+ ignore temp1
+ dest: /etc/sensors.d/site.conf
+
- name: Install Analog.
become: yes
apt: pkg=analog
projects / Network / commitdiff