library/roles/ganglia: Change templates and defaults to support an unicast configuration.

library/roles/iptables: Rules to support a ganglia configuration that runs over unicast and not multicast.
Andrea Dell'Amico 2016-07-12 19:15:00 +02:00
parent 2500422287
commit 487572aa6e
5 changed files with 42 additions and 10 deletions


@ -5,8 +5,12 @@
#ganglia_gmond_cluster_port: 8649 #ganglia_gmond_cluster_port: 8649
#ganglia_gmond_mcast_addr: 239.2.11.71 #ganglia_gmond_mcast_addr: 239.2.11.71
#ganglia_gmetad_host: ganglia-gmetad #ganglia_gmetad_host: ganglia-gmetad
ganglia_gmond_send_metadata_interval: 60 ganglia_gmond_send_metadata_interval: 30
# Needed to build the correct firewall rules when jmxtrans is in use # Needed to build the correct firewall rules when jmxtrans is in use
ganglia_gmond_use_jmxtrans: False ganglia_gmond_use_jmxtrans: False
# Used by other roles to install specific ganglia iptables rules or some specific ganglia plugins. Or not. # Used by other roles to install specific ganglia iptables rules or some specific ganglia plugins. Or not.
ganglia_enabled: False ganglia_enabled: False
ganglia_unicast_mode: False
ganglia_unicast_networks:
- 0.0.0.0/0
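Review bot: The default `ganglia_unicast_networks: - 0.0.0.0/0` means that enabling `ganglia_unicast_mode` without overriding the list makes the iptables rules template changed in this commit emit `-A INPUT -p udp -m udp -s 0.0.0.0/0 --dport {{ ganglia_gmond_cluster_port }} -j ACCEPT`, which accepts gmond UDP traffic from every source. gmond's UDP metric channel carries no authentication, so the source filter is the only control on who can submit metrics to the node. A safer default is an empty list, `ganglia_unicast_networks: []`, with a comment such as `# List the monitored subnets explicitly; no network is allowed by default`, so that opening the port is a deliberate inventory decision.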


@ -45,7 +45,7 @@
tags: [ 'monitoring', 'ganglia' ] tags: [ 'monitoring', 'ganglia' ]
- name: Distribute the ganglia configuration file for Ubuntu < 12.04 and >= 10.04 and Debian 6 - name: Distribute the ganglia configuration file for Ubuntu < 12.04 and >= 10.04 and Debian 6
template: src=gmond-3.1.j2 dest=/etc/ganglia/gmond.conf owner=root group=root mode=444 template: src=gmond.j2 dest=/etc/ganglia/gmond.conf owner=root group=root mode=444
when: is_ubuntu_between_10_04_and_11_04_and_is_debian_6 when: is_ubuntu_between_10_04_and_11_04_and_is_debian_6
notify: Restart ganglia monitor notify: Restart ganglia monitor
tags: [ 'monitoring', 'ganglia' ] tags: [ 'monitoring', 'ganglia' ]


@ -32,8 +32,9 @@ host {
/* Feel free to specify as many udp_send_channels as you like. Gmond /* Feel free to specify as many udp_send_channels as you like. Gmond
used to only support having a single channel */ used to only support having a single channel */
{% if not ganglia_unicast_mode %}
udp_send_channel { udp_send_channel {
bind_hostname = yes #bind_hostname = yes
mcast_join = {{ ganglia_gmond_mcast_addr }} mcast_join = {{ ganglia_gmond_mcast_addr }}
port = {{ ganglia_gmond_cluster_port }} port = {{ ganglia_gmond_cluster_port }}
ttl = 1 ttl = 1
@ -45,10 +46,19 @@ udp_recv_channel {
port = {{ ganglia_gmond_cluster_port }} port = {{ ganglia_gmond_cluster_port }}
} }
udp_recv_channel { {% else %}
bind = {{ ansible_fqdn }} {% for host in ganglia_gmetad_sources %}
udp_send_channel {
host = {{ host }}
port = {{ ganglia_gmond_cluster_port }} port = {{ ganglia_gmond_cluster_port }}
ttl = 1
} }
{% endfor %}
{% endif %}
udp_recv_channel {
port = {{ ganglia_gmond_cluster_port }}
}
/* You can specify as many tcp_accept_channels as you like to share /* You can specify as many tcp_accept_channels as you like to share
an xml description of the state of the cluster */ an xml description of the state of the cluster */
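Review bot: `ganglia_gmetad_sources` is iterated in the unicast branch, but the defaults change in this commit adds only `ganglia_unicast_mode` and `ganglia_unicast_networks`; unless the variable is defined outside the visible hunks, rendering gmond.conf fails as soon as unicast mode is switched on. Either document it in the role defaults next to the other unicast settings or guard the loop, e.g. `{% for host in ganglia_gmetad_sources | default([]) %}`. Separately, the remaining `udp_recv_channel` appears to drop the old `bind = {{ ansible_fqdn }}` and so listens on every address in both modes, which leaves the firewall rules as the only restriction on who can reach the port; a template comment like `/* No bind: access is restricted by the iptables role */` would record that dependency. The configuration file continues outside the hunk.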


@ -25,7 +25,7 @@
- rules.v4 - rules.v4
- rules.v6 - rules.v6
when: is_precise when: is_precise
notify: Start the iptables service register: install_iptables_rules_precise
tags: [ 'iptables', 'iptables_rules' ] tags: [ 'iptables', 'iptables_rules' ]
- name: Install the IPv4 and IPv6 iptables rules. The IPv6 ones are not used. On trusty - name: Install the IPv4 and IPv6 iptables rules. The IPv6 ones are not used. On trusty
@ -34,7 +34,7 @@
- rules.v4 - rules.v4
- rules.v6 - rules.v6
when: is_trusty when: is_trusty
register: install_iptables_rules register: install_iptables_rules_trusty
tags: [ 'iptables', 'iptables_rules' ] tags: [ 'iptables', 'iptables_rules' ]
- name: Install the IPv4 and IPv6 iptables rules. The IPv6 ones are not used. On debian 7 - name: Install the IPv4 and IPv6 iptables rules. The IPv6 ones are not used. On debian 7
@ -43,7 +43,7 @@
- rules.v4 - rules.v4
- rules.v6 - rules.v6
when: is_debian7 when: is_debian7
register: install_iptables_rules register: install_iptables_rules_deb7
tags: [ 'iptables', 'iptables_rules' ] tags: [ 'iptables', 'iptables_rules' ]
- name: Install the IPv4 and IPv6 iptables rules. The IPv6 ones are not used. On debian 8 - name: Install the IPv4 and IPv6 iptables rules. The IPv6 ones are not used. On debian 8
@ -55,10 +55,22 @@
register: install_netfilter_rules register: install_netfilter_rules
tags: [ 'iptables', 'iptables_rules' ] tags: [ 'iptables', 'iptables_rules' ]
- name: Start the iptables service immediately after the new rules have been installed. This can have an impact on other tasks - name: Start the iptables service immediately after the new rules have been installed, on Ubuntu precise. This can have an impact on other tasks
service: name=iptables-persistent state=restarted enabled=yes service: name=iptables-persistent state=restarted enabled=yes
notify: Restart fail2ban notify: Restart fail2ban
when: ( install_iptables_rules | changed ) when: ( install_iptables_rules_precise | changed )
tags: [ 'iptables', 'iptables_rules' ]
- name: Start the iptables service immediately after the new rules have been installed, on Ubuntu Trusty. This can have an impact on other tasks
service: name=iptables-persistent state=restarted enabled=yes
notify: Restart fail2ban
when: ( install_iptables_rules_trusty | changed )
tags: [ 'iptables', 'iptables_rules' ]
- name: Start the iptables service immediately after the new rules have been installed, on Debian 7. This can have an impact on other tasks
service: name=iptables-persistent state=restarted enabled=yes
notify: Restart fail2ban
when: ( install_iptables_rules_deb7 | changed )
tags: [ 'iptables', 'iptables_rules' ] tags: [ 'iptables', 'iptables_rules' ]
- name: Start the netfilter service immediately after the new rules have been installed. This can have an impact on other tasks - name: Start the netfilter service immediately after the new rules have been installed. This can have an impact on other tasks
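Review bot: The three restart tasks for precise, trusty and Debian 7 are identical apart from the registered variable tested in `when:`, so the firewall restart logic now lives in three places that must be kept in sync. A skipped task still registers its variable (which is presumably why the shared `install_iptables_rules` name had to be split), so one task with `when: ( install_iptables_rules_precise | changed ) or ( install_iptables_rules_trusty | changed ) or ( install_iptables_rules_deb7 | changed )` should behave the same. The netfilter task that follows continues outside the hunk.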


@ -178,12 +178,18 @@
{% if ganglia_enabled %} {% if ganglia_enabled %}
{% if ganglia_gmond_cluster_port is defined %} {% if ganglia_gmond_cluster_port is defined %}
# Ganglia # Ganglia
{% if not ganglia_unicast_mode %}
{% if ganglia_gmond_use_jmxtrans is not defined or not ganglia_gmond_use_jmxtrans %} {% if ganglia_gmond_use_jmxtrans is not defined or not ganglia_gmond_use_jmxtrans %}
-A INPUT -m pkttype --pkt-type multicast -d {{ ganglia_gmond_mcast_addr }} -j ACCEPT -A INPUT -m pkttype --pkt-type multicast -d {{ ganglia_gmond_mcast_addr }} -j ACCEPT
{% else %} {% else %}
-A INPUT -m pkttype --pkt-type multicast -j ACCEPT -A INPUT -m pkttype --pkt-type multicast -j ACCEPT
-A INPUT -p udp -m udp -d {{ ganglia_gmond_mcast_addr }} --dport {{ ganglia_gmond_cluster_port }} -j ACCEPT -A INPUT -p udp -m udp -d {{ ganglia_gmond_mcast_addr }} --dport {{ ganglia_gmond_cluster_port }} -j ACCEPT
{% endif %} {% endif %}
{% else %}
{% for net in ganglia_unicast_networks %}
-A INPUT -p udp -m udp -s {{ net }} --dport {{ ganglia_gmond_cluster_port }} -j ACCEPT
{% endfor %}
{% endif %}
-A INPUT -m state --state NEW -s {{ ganglia_gmetad_host }} -p tcp -m tcp --dport {{ ganglia_gmond_cluster_port }} -j ACCEPT -A INPUT -m state --state NEW -s {{ ganglia_gmetad_host }} -p tcp -m tcp --dport {{ ganglia_gmond_cluster_port }} -j ACCEPT
-A INPUT -s {{ ganglia_gmetad_host }} -p udp -m udp --dport {{ ganglia_gmond_cluster_port }} -j ACCEPT -A INPUT -s {{ ganglia_gmetad_host }} -p udp -m udp --dport {{ ganglia_gmond_cluster_port }} -j ACCEPT
{% endif %} {% endif %}
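Review bot: The new `{% if not ganglia_unicast_mode %}` test and the loop over `ganglia_unicast_networks` assume both variables are always defined, while the `ganglia_gmond_use_jmxtrans` test right below tolerates an undefined variable. If this template can be rendered for a host that has `ganglia_enabled` set but does not load the ganglia role defaults (not visible from here), the firewall rules file would fail to render. `{% if ganglia_unicast_mode is not defined or not ganglia_unicast_mode %}` follows the existing pattern and keeps the multicast rules as the fallback. The enclosing `{% if ganglia_enabled %}` block closes outside the hunk.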