From 5656d4a12eb012205b92fd6fbb79fd544b539a47 Mon Sep 17 00:00:00 2001
From: Matt Birkholz
+
|
=
_|||_
@@ -108,11 +108,7 @@ philosophy, attitude.
The abbey's public particulars are included below. They are the
-public particulars of a small institute, nothing more. As for the
-abbey's private parameters, in private/vars-abbey.yml
, example lines
-(only! ;-) are included in the following chapters. An example of the
-abbey's private institutional parameters, private/vars.yml
, can be
-found in Institute/private/vars.yml
.
+public particulars of a small institute, nothing more.
@@ -124,6 +120,18 @@ full_name: Birchwood Abbey
front_addr: 159.65.75.60
+
+
+The abbey's private institutional parameters are in
+private/vars.yml
. Example lines can be found in
+Institute/private/vars.yml
.
+
+
+
+The abbey's private liturgical parameters are in
+private/vars-abbey.yml
. Example lines are included here and tangled
+into private_ex/vars-abbey.yml
.
+
@@ -136,8 +144,8 @@ with Apache2, spooling email with Postfix and serving it with
Dovecot-IMAPd, and hosting a VPN with OpenVPN.
-
-3.1. Install Emacs
+
+3.1. Install Emacs
The monks of the abbey are masters of the staff (bo) and Emacs.
@@ -549,7 +557,7 @@ rest of the Let's Encrypt configuration is discussed in the following
<<apache-gitweb>>
IncludeOptional /etc/letsencrypt/options-ssl-apache.conf
- dest: /etc/apache2/sites-available/{{ domain_name }}-vhost.conf
+ dest: /etc/apache2/sites-available/birchwood-abbey.net-vhost.conf
notify: Restart Apache2.
<<apache-gitweb-tasks>>
@@ -703,7 +711,7 @@ certificate is a terminal session affair (with prompts and lines
entered as shown below).
-
+
$ sudo apt install python3-certbot-apache
$ sudo certbot --apache -d birchwood-abbey.net
...
@@ -922,8 +930,8 @@ with Postfix and Dovecot, and providing essential localnet services:
NTP, DNS and DHCP.
-
-4.1. Include Abbey Variables
+
+4.1. Include Abbey Variables
In this abbey specific document, most abbey particulars are not
@@ -1121,8 +1129,8 @@ The abbey uses the Apt-Cacher:TNG package cache on Core. The
-
-4.8. Use Cloister Apt Cache
+
+4.8. Use Cloister Apt Cache
Core itself will benefit from using the package cache.
@@ -1135,7 +1143,7 @@ Core itself will benefit from using the package cache.
copy:
content: >
Acquire::http::Proxy
- "http://apt-cacher.{{ domain_priv }}.:3142";
+ "http://apt-cacher.birchwood.private.:3142";
dest: /etc/apt/apt.conf.d/01proxy
mode: u=rw,g=r,o=r
@@ -1294,8 +1302,8 @@ recognizable temperature in the sensors output.
4.12. Monitoring The Cloister
-The abbey adds monitoring for more servers: Kamino, Kessel and
-Devaron. They are abbey-cloister servers, so they are configured as
+The abbey adds monitoring for more servers: Kamino, Kessel, and Ord
+Mantell. They are abbey-cloister servers, so they are configured as
small institute campus servers, like Gate, with an NRPE (a NAGIOS
Remote Plugin Executor) server and an inst_sensors command.
@@ -1304,7 +1312,7 @@ Remote Plugin Executor) server and an inst_sensors command.
The configurations for the servers are very similar to Gate's, but are
idiosyncratically in flux. In particular, Kamino does not irritate
check_total_procs, yet Kessel does. Both are Pop!_OS 22.04, but
-Kessel is a wireless host while Kamino is wired. Devaron, the
+Kessel is a wireless host while Kamino is wired. Ord Mantell, the
Raspberry Pi OS (ARM64) machine, uses the abbey_pisensors monitor.
@@ -1318,9 +1326,10 @@ included in private/vars-abbey.yml
.
-private/vars-abbey.yml
devaron_addr: 10.84.138.10
+private_ex/vars-abbey.yml
---
kamino_addr: 192.168.56.14
kessel_addr: 10.84.138.8
+ord_mantell_addr: 10.84.138.10
@@ -1341,60 +1350,60 @@ rarely powered up.
template:
src: nagios-{{ item }}.cfg
dest: /etc/nagios4/conf.d/{{ item }}.cfg
- loop: [ devaron, kessel ]
+ loop: [ ord-mantell, kessel ]
notify: Reload NAGIOS4.
-
-4.12.3. NAGIOS Monitoring of Devaron
+
+4.12.3. NAGIOS Monitoring of Ord-Mantell
-roles_t/abbey-core/templates/nagios-devaron.cfg
define host {
+roles_t/abbey-core/templates/nagios-ord-mantell.cfg
define host {
use linux-server
- host_name devaron
- address {{ devaron_addr }}
+ host_name ord-mantell
+ address {{ ord_mantell_addr }}
}
define service {
use generic-service
- host_name devaron
+ host_name ord-mantell
service_description Root Partition
check_command check_nrpe!inst_root
}
# define service {
# use generic-service
-# host_name devaron
+# host_name ord-mantell
# service_description Current Load
# check_command check_nrpe!check_load
# }
define service {
use generic-service
- host_name devaron
+ host_name ord-mantell
service_description Zombie Processes
check_command check_nrpe!check_zombie_procs
}
# define service {
# use generic-service
-# host_name devaron
+# host_name ord-mantell
# service_description Total Processes
# check_command check_nrpe!check_total_procs
# }
define service {
use generic-service
- host_name devaron
+ host_name ord-mantell
service_description Swap Usage
check_command check_nrpe!inst_swap
}
define service {
use generic-service
- host_name devaron
+ host_name ord-mantell
service_description Temperature Sensors
check_command check_nrpe!abbey_pisensors
}
@@ -1513,10 +1522,99 @@ rarely powered up.
-
-4.13. Install Analog
+
+4.13. Install Munin
+The abbey is experimenting with Munin. NAGIOS is all about notifying
+the Sys. Admin. of failed services. Munin is more about tracking
+trends in resource usage.
+
+
+
+roles_t/abbey-core/tasks/main.yml
+- name: Install Munin.
+ become: yes
+ apt:
+ pkg: munin
+
+- name: Add {{ ansible_user }} to Munin group.
+ become: yes
+ user:
+ name: "{{ ansible_user }}"
+ append: yes
+ groups: munin
+
+- name: Enable network access to Munin.
+ become: yes
+ lineinfile:
+ path: /etc/munin/apache24.conf
+ regexp: '([^#]*)Require'
+ line: '\1Require all granted'
+ backrefs: yes
+ notify: Restart Apache2.
+
+- name: Punt default Munin node.
+ become: yes
+ replace:
+ path: /etc/munin/munin.conf
+ regexp: '^\[localhost.*\n\n'
+
+- name: Configure actual Munin nodes.
+ become: yes
+ copy:
+ content: |
+ [dantooine.birchwood.private]
+ address 127.0.0.1
+
+ [anoat.birchwood.private]
+ address {{ gate_addr }}
+
+ [kessel.birchwood.private]
+ address {{ kessel_addr }}
+
+ [ord-mantell.birchwood.private]
+ address {{ ord_mantell_addr }}
+ dest: /etc/munin/munin-conf.d/zzz-site.cfg
+ notify: Restart Munin.
+
+
+
+
+The core machine's sensors produce some unfortunate measurements. The
+next task configures libsensors to ignore them.
+
+
+
+roles_t/abbey-core/tasks/main.yml
+- name: Configure core sensors(1).
+ become: yes
+ copy:
+ content: |
+ chip "iwlwifi_1-virtual-0"
+ ignore temp1
+
+ chip "acpitz-acpi-0"
+ ignore temp1
+ dest: /etc/sensors.d/site.conf
+
+
+
+
+roles_t/abbey-core/handlers/main.yml
+- name: Restart Munin.
+ become: yes
+ systemd:
+ service: munin
+ state: restarted
+
+
+
+
+
+4.14. Install Analog
+
+
The abbey's public web site's access and error logs are emailed
regularly to webmaster, who saves them in /Logs/apache2-public/
and runs analog to generate /WWW/campus/analog.html
, available to
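Review bot: The "Enable network access to Munin." task sets `Require all granted`, which lets every client that can reach this Apache instance read the Munin pages, and those pages list the cloister host names with their resource history. If only campus hosts should see them, a narrower directive such as `line: '\1Require ip CAMPUS_CIDR'` (CAMPUS_CIDR is a placeholder for the cloister networks) keeps the access decision in Apache instead of relying on network reachability alone. Also, lineinfile rewrites only the last line that matches `regexp`, so if /etc/munin/apache24.conf carries more than one `Require` line (the file is not visible here), the earlier ones keep their packaged value. The `replace` module with a line-anchored pattern, `regexp: '^(\s*)Require\s.*$'` and `replace: '\1Require ip CAMPUS_CIDR'`, would change every occurrence.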
@@ -1569,8 +1667,8 @@ the campus as http://www/analog.html.
-4.14. Add Monkey to Web Server Group
-
+4.15. Add Monkey to Web Server Group
+
Monkey needs to be in www-data so that it can run
/WWW/live/Photos/Private/cronjob
to publish photos from multiple
@@ -1592,8 +1690,8 @@ user cloud accounts, found in files owned by www-data, files like
-4.15. Install netpbm For Photo Processing
-
+4.16. Install netpbm For Photo Processing
+
Monkey's photo processing scripts use netpbm commands like
jpegtopnm.
@@ -1609,8 +1707,8 @@ Monkey's photo processing scripts use netpbm commands like
-4.16. Configure Weather Updates
-
+4.17. Configure Weather Updates
+
Monkey on Core runs /WWW/campus/Weather/Private/cronjob
every 5
minutes and cronjob-midnight
at midnight.
@@ -1766,21 +1864,25 @@ Birchwood Abbey's cloister is a small institute campus. The campus
role configures all campus machines to trust the institute's CA, sync
with the campus time server, and forward email to Core. The
abbey-cloister role additionally configures cloistered machines to
-use the cloister Apt cache, respond to Core's NAGIOS network monitor,
-and to install Emacs. There are also a few OS specific tasks, namely
-configuration required on Raspberry Pi OS machines.
+use the cloister Apt cache, respond to Core's NAGIOS and Munin network
+monitors, and to install Emacs. There are also a few OS specific
+tasks, namely configuration required on Raspberry Pi OS machines.
Wireless clients are issued keys for the cloister VPN by the ./abbey
-client command. This command includes the institutional process
-described in The Client Command. The process handles three types of
-clients: Android, Debian and Campus. The last type never roams, and
-is not associated with a member of the small institute.
+client command which is currently identical to the ./inst client
+command (described in The Client Command). The wireless, cloistered
+hosts never roam, are not associated with a member, and so are
+"campus" clients, issued keys with commands like this:
+
+
+./abbey client campus new-host-name
+
-
-6.1. Use Cloister Apt Cache
+
+6.1. Use Cloister Apt Cache
The Apt-Cacher:TNG program does not work well on the frontier, so is
@@ -1800,7 +1902,7 @@ while.
copy:
content: >
Acquire::http::Proxy
- "http://apt-cacher.{{ domain_priv }}.:3142";
+ "http://apt-cacher.birchwood.private.:3142";
dest: /etc/apt/apt.conf.d/01proxy
mode: u=rw,g=r,o=r
@@ -1851,10 +1953,55 @@ Raspberry Pis (architecture aarch64) only.
-
-6.3. Install Emacs
+
+6.3. Install Munin Node
+Each cloistered host is a Munin node.
+
+
+
+roles_t/abbey-cloister/tasks/main.yml
+- name: Install Munin Node.
+ become: yes
+ apt:
+ pkg: munin-node
+
+- name: Add {{ ansible_user }} to Munin group.
+ become: yes
+ user:
+ name: "{{ ansible_user }}"
+ append: yes
+ groups: munin
+
+
+
+
+Again, one of our cloistered hosts has sensors producing unfortunate
+measurements. The next task configures Anoat's libsensors to ignore
+them.
+
+
+
+roles_t/abbey-cloister/tasks/main.yml
+- name: Configure {{ inventory_hostname }} sensors(1).
+ copy:
+ content: |
+ chip "iwlwifi_1-virtual-0"
+ ignore temp1
+
+ chip "acpitz-acpi-0"
+ ignore temp1
+ dest: /etc/sensors.d/site.conf
+ when: inventory_hostname == 'anoat'
+
+
+
+
+
+6.4. Install Emacs
+
+
The monks of the abbey are masters of the staff and Emacs.
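Review bot: The "Configure {{ inventory_hostname }} sensors(1)." task writes /etc/sensors.d/site.conf without `become: yes`, while the other tasks in this hunk and the matching core task have it. Unless the play sets become globally (not visible here), the copy will fail on Anoat as the unprivileged ansible_user; adding `become: yes` under the task name makes it consistent. Separately, nothing in this hunk tells munin-node which master may connect. If no other task manages /etc/munin/munin-node.conf, a comment stating where Core's address is allowed, and that the allow list stays limited to Core, would help the next reader.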
@@ -1919,7 +2066,7 @@ Listing them (e.g. running owdir /26.nnnnnnnn or owdir
below. A test session is shown below.
-
+
monkey@new$ owdir
...
/26.2153B6000000/
@@ -2355,8 +2502,8 @@ described in the final section, Configure Cameras, bel
-
-8.4. Include Abbey Variables
+
+8.4. Include Abbey Variables
Private variables in private/vars-abbey.yml
are needed, and included
@@ -2518,7 +2665,7 @@ the apg -n 1 -x 12 -m 12 command.
-private/vars-abbey.yml
zoneminder_dbpass: gakJopbikJadsEdd
+private_ex/vars-abbey.yml
zoneminder_dbpass: gakJopbikJadsEdd
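Review bot: The value tangled into private_ex/vars-abbey.yml reads like real apg output rather than a placeholder, and the same applies to `mythtv_dbpass` in the later private_ex/vars-abbey.yml hunk. Now that the line lands in an example file, a labelled dummy in the style of the `wpa-psk "PASSWORD"` example elsewhere in this document, e.g. `zoneminder_dbpass: PASSWORD`, removes any doubt about whether a live database password was published. If either string was ever used on a real host, it should be rotated.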
@@ -2782,8 +2929,8 @@ machine simply by adding it to the tvrs group.
-
-9.3. Include Abbey Variables
+
+9.3. Include Abbey Variables
Private variables in private/vars-abbey.yml
are needed, as in the
@@ -2991,7 +3138,7 @@ kept in private/vars-abbey.yml
, and generated e.g. with the apg -n
-private/vars-abbey.yml
mythtv_dbpass: daJkibpoJkag
+private_ex/vars-abbey.yml
mythtv_dbpass: daJkibpoJkag
@@ -3329,7 +3476,7 @@ the list of "inputs" available in a postal code typically ends with
the OTA (over the air) broadcasts.
-
+
$ tv_grab_zz_sdjson --configure --config-file .mythtv/Mr.Antenna.xml
Cache file for lineups, schedules and programs.
Cache file: [/home/mythtv/.xmltv/tv_grab_zz_sdjson.cache]
@@ -3714,12 +3861,13 @@ except the roles are found in Institute/roles/
as well as roles/
.
ansible_become_password: "{{ become_anoat }}"
dantooine:
ansible_become_password: "{{ become_dantooine }}"
- # WebTVs (Desktops)
- devaron:
+ # Campus
kamino:
ansible_become_password: "{{ become_kamino }}"
kessel:
ansible_become_password: "{{ become_kessel }}"
+ ord-mantell:
+ ansible_become_password: "{{ become_ord_mantell }}"
# Notebooks
endor:
ansible_become_password: "{{ become_endor }}"
@@ -3728,7 +3876,7 @@ except the roles are found in Institute/roles/
as well as roles/
.
ansible_user: matt
ansible_become_password: "{{ become_geonosis }}"
postfix_mydestination: >-
- geonosis.{{ domain_priv }}
+ geonosis.birchwood.private
geonosis
geonosis.localdomain
localhost.localdomain
@@ -3746,9 +3894,9 @@ except the roles are found in Institute/roles/
as well as roles/
.
campus:
hosts:
anoat:
- devaron:
kamino:
kessel:
+ ord-mantell:
weather:
hosts:
anoat:
@@ -3760,16 +3908,15 @@ except the roles are found in Institute/roles/
as well as roles/
.
dantooine:
webtvs:
hosts:
- kessel:
- devaron:
kamino:
+ kessel:
+ ord-mantell:
notebooks:
hosts:
endor:
geonosis:
builders:
hosts:
- devaron:
geonosis:
kamino:
@@ -4514,7 +4661,7 @@ interface on new is named wlan0.
-=/etc/network/interfaces.d/wifiauto wlan0
+/etc/network/interfaces.d/wifi
auto wlan0
iface wlan0 inet dhcp
wpa-ssid "Birchwood Abbey"
wpa-psk "PASSWORD"
@@ -4839,7 +4986,7 @@ to private/db.campus_vpn
.)
--
2.47.3