library/roles/ganglia: Change templates and defaults to support an unicast configuration.

library/roles/iptables: Rules to support a ganglia configuration that runs over unicast and not multicast.
2016-07-12 19:15:00 +02:00 · 2016-07-12 19:15:00 +02:00 · 487572aa6e
parent 2500422287
commit 487572aa6e
5 changed files with 42 additions and 10 deletions
--- a/ganglia/defaults/main.yml
+++ b/ganglia/defaults/main.yml
@ -5,8 +5,12 @@
 #ganglia_gmond_cluster_port: 8649
 #ganglia_gmond_mcast_addr: 239.2.11.71
 #ganglia_gmetad_host: ganglia-gmetad
-ganglia_gmond_send_metadata_interval: 60
+ganglia_gmond_send_metadata_interval: 30
 # Needed to build the correct firewall rules when jmxtrans is in use
 ganglia_gmond_use_jmxtrans: False
 # Used by other roles to install specific ganglia iptables rules or some specific ganglia plugins. Or not.
 ganglia_enabled: False
+ganglia_unicast_mode: False
+ganglia_unicast_networks:
+  - 0.0.0.0/0
+
--- a/ganglia/tasks/main.yml
+++ b/ganglia/tasks/main.yml
@ -45,7 +45,7 @@
  tags: [ 'monitoring', 'ganglia' ]

 - name: Distribute the ganglia configuration file for Ubuntu < 12.04 and >= 10.04 and Debian 6
-  template: src=gmond-3.1.j2 dest=/etc/ganglia/gmond.conf owner=root group=root mode=444
+  template: src=gmond.j2 dest=/etc/ganglia/gmond.conf owner=root group=root mode=444
  when: is_ubuntu_between_10_04_and_11_04_and_is_debian_6
  notify: Restart ganglia monitor
  tags: [ 'monitoring', 'ganglia' ]
--- a/ganglia/templates/gmond.j2
+++ b/ganglia/templates/gmond.j2
@ -32,8 +32,9 @@ host {

 /* Feel free to specify as many udp_send_channels as you like.  Gmond 
   used to only support having a single channel */ 
+{% if not ganglia_unicast_mode %}
 udp_send_channel { 
-  bind_hostname = yes
+  #bind_hostname = yes
  mcast_join = {{ ganglia_gmond_mcast_addr }}
  port = {{ ganglia_gmond_cluster_port }} 
  ttl = 1 
@ -45,10 +46,19 @@ udp_recv_channel {
  port = {{ ganglia_gmond_cluster_port }} 
 } 

-udp_recv_channel { 
-  bind = {{ ansible_fqdn }}
+{% else %}
+{% for host in ganglia_gmetad_sources %}
+udp_send_channel { 
+  host = {{ host }}
  port = {{ ganglia_gmond_cluster_port }} 
+  ttl = 1 
 } 
+{% endfor %}
+
+{% endif %}
+udp_recv_channel { 
+  port = {{ ganglia_gmond_cluster_port }} 
+}

 /* You can specify as many tcp_accept_channels as you like to share 
   an xml description of the state of the cluster */ 
--- a/iptables/tasks/main.yml
+++ b/iptables/tasks/main.yml
@ -25,7 +25,7 @@
    - rules.v4
    - rules.v6
  when: is_precise
-  notify: Start the iptables service
+  register: install_iptables_rules_precise
  tags: [ 'iptables', 'iptables_rules' ]

 - name: Install the IPv4 and IPv6 iptables rules. The IPv6 ones are not used. On trusty
@ -34,7 +34,7 @@
    - rules.v4
    - rules.v6
  when: is_trusty
-  register: install_iptables_rules
+  register: install_iptables_rules_trusty
  tags: [ 'iptables', 'iptables_rules' ]

 - name: Install the IPv4 and IPv6 iptables rules. The IPv6 ones are not used. On debian 7
@ -43,7 +43,7 @@
    - rules.v4
    - rules.v6
  when: is_debian7
-  register: install_iptables_rules
+  register: install_iptables_rules_deb7
  tags: [ 'iptables', 'iptables_rules' ]

 - name: Install the IPv4 and IPv6 iptables rules. The IPv6 ones are not used. On debian 8
@ -55,10 +55,22 @@
  register: install_netfilter_rules
  tags: [ 'iptables', 'iptables_rules' ]

- name: Start the iptables service immediately after the new rules have been installed. This can have an impact on other tasks
+- name: Start the iptables service immediately after the new rules have been installed, on Ubuntu precise. This can have an impact on other tasks
  service: name=iptables-persistent state=restarted enabled=yes
  notify: Restart fail2ban
-  when: ( install_iptables_rules | changed )
+  when: ( install_iptables_rules_precise | changed )
+  tags: [ 'iptables', 'iptables_rules' ]
+
+- name: Start the iptables service immediately after the new rules have been installed, on Ubuntu Trusty. This can have an impact on other tasks
+  service: name=iptables-persistent state=restarted enabled=yes
+  notify: Restart fail2ban
+  when: ( install_iptables_rules_trusty | changed )
+  tags: [ 'iptables', 'iptables_rules' ]
+
+- name: Start the iptables service immediately after the new rules have been installed, on Debian 7. This can have an impact on other tasks
+  service: name=iptables-persistent state=restarted enabled=yes
+  notify: Restart fail2ban
+  when: ( install_iptables_rules_deb7 | changed )
  tags: [ 'iptables', 'iptables_rules' ]

 - name: Start the netfilter service immediately after the new rules have been installed. This can have an impact on other tasks
--- a/iptables/templates/iptables-rules.v4.j2
+++ b/iptables/templates/iptables-rules.v4.j2
@ -178,12 +178,18 @@
 {% if ganglia_enabled %}
 {% if ganglia_gmond_cluster_port is defined %}
 # Ganglia
+{% if not ganglia_unicast_mode %}
 {% if ganglia_gmond_use_jmxtrans is not defined or not ganglia_gmond_use_jmxtrans %}
 -A INPUT -m pkttype --pkt-type multicast -d {{ ganglia_gmond_mcast_addr }} -j ACCEPT
 {% else %}
 -A INPUT -m pkttype --pkt-type multicast -j ACCEPT
 -A INPUT -p udp -m udp -d {{ ganglia_gmond_mcast_addr }} --dport {{ ganglia_gmond_cluster_port }} -j ACCEPT
 {% endif %}
+{% else %}
+{% for net in ganglia_unicast_networks %}
+-A INPUT -p udp -m udp -s {{ net }} --dport {{ ganglia_gmond_cluster_port }} -j ACCEPT
+{% endfor %}
+{% endif %}
 -A INPUT -m state --state NEW -s {{ ganglia_gmetad_host }} -p tcp -m tcp --dport {{ ganglia_gmond_cluster_port }} -j ACCEPT
 -A INPUT -s {{ ganglia_gmetad_host }} -p udp -m udp --dport {{ ganglia_gmond_cluster_port }}  -j ACCEPT
 {% endif %}