library/roles/ganglia: Change templates and defaults to support a unicast configuration.
library/roles/iptables: Rules to support a ganglia configuration that runs over unicast and not multicast.
parent
2500422287
commit
487572aa6e
|
@ -5,8 +5,12 @@
|
||||||
#ganglia_gmond_cluster_port: 8649
|
#ganglia_gmond_cluster_port: 8649
|
||||||
#ganglia_gmond_mcast_addr: 239.2.11.71
|
#ganglia_gmond_mcast_addr: 239.2.11.71
|
||||||
#ganglia_gmetad_host: ganglia-gmetad
|
#ganglia_gmetad_host: ganglia-gmetad
|
||||||
ganglia_gmond_send_metadata_interval: 60
|
ganglia_gmond_send_metadata_interval: 30
|
||||||
# Needed to build the correct firewall rules when jmxtrans is in use
|
# Needed to build the correct firewall rules when jmxtrans is in use
|
||||||
ganglia_gmond_use_jmxtrans: False
|
ganglia_gmond_use_jmxtrans: False
|
||||||
# Used by other roles to install specific ganglia iptables rules or some specific ganglia plugins. Or not.
|
# Used by other roles to install specific ganglia iptables rules or some specific ganglia plugins. Or not.
|
||||||
ganglia_enabled: False
|
ganglia_enabled: False
|
||||||
|
ganglia_unicast_mode: False
|
||||||
|
ganglia_unicast_networks:
|
||||||
|
- 0.0.0.0/0
|
||||||
|
|
||||||
|
|
|
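Review bot: The new default `ganglia_unicast_networks: - 0.0.0.0/0` means that turning on `ganglia_unicast_mode` without overriding the list makes the iptables template emit `-A INPUT -p udp -m udp -s 0.0.0.0/0 --dport {{ ganglia_gmond_cluster_port }} -j ACCEPT`, so the gmond UDP port is accepted from any source. gmond's UDP metric channel carries no authentication, which leaves the source filter as the only control on who can submit metrics to the node. I would default to `ganglia_unicast_networks: []` with a comment such as `# Networks allowed to send gmond UDP metrics in unicast mode; must be set explicitly`, so that the permissive case has to be chosen on purpose. The same default feeds the `{% for net in ganglia_unicast_networks %}` loop in the iptables rules template further down this page.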
@ -45,7 +45,7 @@
|
||||||
tags: [ 'monitoring', 'ganglia' ]
|
tags: [ 'monitoring', 'ganglia' ]
|
||||||
|
|
||||||
- name: Distribute the ganglia configuration file for Ubuntu < 12.04 and >= 10.04 and Debian 6
|
- name: Distribute the ganglia configuration file for Ubuntu < 12.04 and >= 10.04 and Debian 6
|
||||||
template: src=gmond-3.1.j2 dest=/etc/ganglia/gmond.conf owner=root group=root mode=444
|
template: src=gmond.j2 dest=/etc/ganglia/gmond.conf owner=root group=root mode=444
|
||||||
when: is_ubuntu_between_10_04_and_11_04_and_is_debian_6
|
when: is_ubuntu_between_10_04_and_11_04_and_is_debian_6
|
||||||
notify: Restart ganglia monitor
|
notify: Restart ganglia monitor
|
||||||
tags: [ 'monitoring', 'ganglia' ]
|
tags: [ 'monitoring', 'ganglia' ]
|
||||||
|
|
|
@ -32,8 +32,9 @@ host {
|
||||||
|
|
||||||
/* Feel free to specify as many udp_send_channels as you like. Gmond
|
/* Feel free to specify as many udp_send_channels as you like. Gmond
|
||||||
used to only support having a single channel */
|
used to only support having a single channel */
|
||||||
|
{% if not ganglia_unicast_mode %}
|
||||||
udp_send_channel {
|
udp_send_channel {
|
||||||
bind_hostname = yes
|
#bind_hostname = yes
|
||||||
mcast_join = {{ ganglia_gmond_mcast_addr }}
|
mcast_join = {{ ganglia_gmond_mcast_addr }}
|
||||||
port = {{ ganglia_gmond_cluster_port }}
|
port = {{ ganglia_gmond_cluster_port }}
|
||||||
ttl = 1
|
ttl = 1
|
||||||
|
@ -45,10 +46,19 @@ udp_recv_channel {
|
||||||
port = {{ ganglia_gmond_cluster_port }}
|
port = {{ ganglia_gmond_cluster_port }}
|
||||||
}
|
}
|
||||||
|
|
||||||
udp_recv_channel {
|
{% else %}
|
||||||
bind = {{ ansible_fqdn }}
|
{% for host in ganglia_gmetad_sources %}
|
||||||
|
udp_send_channel {
|
||||||
|
host = {{ host }}
|
||||||
port = {{ ganglia_gmond_cluster_port }}
|
port = {{ ganglia_gmond_cluster_port }}
|
||||||
|
ttl = 1
|
||||||
}
|
}
|
||||||
|
{% endfor %}
|
||||||
|
|
||||||
|
{% endif %}
|
||||||
|
udp_recv_channel {
|
||||||
|
port = {{ ganglia_gmond_cluster_port }}
|
||||||
|
}
|
||||||
|
|
||||||
/* You can specify as many tcp_accept_channels as you like to share
|
/* You can specify as many tcp_accept_channels as you like to share
|
||||||
an xml description of the state of the cluster */
|
an xml description of the state of the cluster */
|
||||||
|
|
|
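Review bot: The trailing `udp_recv_channel` now carries only `port = {{ ganglia_gmond_cluster_port }}`; as far as the rendered page shows, the previous `bind = {{ ansible_fqdn }}` is gone, so gmond listens on every address and relies entirely on the firewall for source filtering. If the gmond versions this template targets support `acl` blocks, rendering one from `ganglia_unicast_networks` in unicast mode would keep the daemon restrictive even when the iptables role is not applied; the sketch below assumes each entry is written as address/prefix. Separately, the `{% for host in ganglia_gmetad_sources %}` loop uses a variable that the defaults change in this commit does not add, so unless it is defined outside the visible hunks the template will fail to render once unicast mode is enabled.

```jinja
{# … unchanged: udp_send_channel blocks for the multicast and unicast cases … #}
udp_recv_channel {
  port = {{ ganglia_gmond_cluster_port }}
{% if ganglia_unicast_mode %}
  acl {
    default = "deny"
{% for net in ganglia_unicast_networks %}
    access {
      ip = {{ net.split('/')[0] }}
      mask = {{ net.split('/')[1] }}
      action = "allow"
    }
{% endfor %}
  }
{% endif %}
}
```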
@ -25,7 +25,7 @@
|
||||||
- rules.v4
|
- rules.v4
|
||||||
- rules.v6
|
- rules.v6
|
||||||
when: is_precise
|
when: is_precise
|
||||||
notify: Start the iptables service
|
register: install_iptables_rules_precise
|
||||||
tags: [ 'iptables', 'iptables_rules' ]
|
tags: [ 'iptables', 'iptables_rules' ]
|
||||||
|
|
||||||
- name: Install the IPv4 and IPv6 iptables rules. The IPv6 ones are not used. On trusty
|
- name: Install the IPv4 and IPv6 iptables rules. The IPv6 ones are not used. On trusty
|
||||||
|
@ -34,7 +34,7 @@
|
||||||
- rules.v4
|
- rules.v4
|
||||||
- rules.v6
|
- rules.v6
|
||||||
when: is_trusty
|
when: is_trusty
|
||||||
register: install_iptables_rules
|
register: install_iptables_rules_trusty
|
||||||
tags: [ 'iptables', 'iptables_rules' ]
|
tags: [ 'iptables', 'iptables_rules' ]
|
||||||
|
|
||||||
- name: Install the IPv4 and IPv6 iptables rules. The IPv6 ones are not used. On debian 7
|
- name: Install the IPv4 and IPv6 iptables rules. The IPv6 ones are not used. On debian 7
|
||||||
|
@ -43,7 +43,7 @@
|
||||||
- rules.v4
|
- rules.v4
|
||||||
- rules.v6
|
- rules.v6
|
||||||
when: is_debian7
|
when: is_debian7
|
||||||
register: install_iptables_rules
|
register: install_iptables_rules_deb7
|
||||||
tags: [ 'iptables', 'iptables_rules' ]
|
tags: [ 'iptables', 'iptables_rules' ]
|
||||||
|
|
||||||
- name: Install the IPv4 and IPv6 iptables rules. The IPv6 ones are not used. On debian 8
|
- name: Install the IPv4 and IPv6 iptables rules. The IPv6 ones are not used. On debian 8
|
||||||
|
@ -55,10 +55,22 @@
|
||||||
register: install_netfilter_rules
|
register: install_netfilter_rules
|
||||||
tags: [ 'iptables', 'iptables_rules' ]
|
tags: [ 'iptables', 'iptables_rules' ]
|
||||||
|
|
||||||
- name: Start the iptables service immediately after the new rules have been installed. This can have an impact on other tasks
|
- name: Start the iptables service immediately after the new rules have been installed, on Ubuntu precise. This can have an impact on other tasks
|
||||||
service: name=iptables-persistent state=restarted enabled=yes
|
service: name=iptables-persistent state=restarted enabled=yes
|
||||||
notify: Restart fail2ban
|
notify: Restart fail2ban
|
||||||
when: ( install_iptables_rules | changed )
|
when: ( install_iptables_rules_precise | changed )
|
||||||
|
tags: [ 'iptables', 'iptables_rules' ]
|
||||||
|
|
||||||
|
- name: Start the iptables service immediately after the new rules have been installed, on Ubuntu Trusty. This can have an impact on other tasks
|
||||||
|
service: name=iptables-persistent state=restarted enabled=yes
|
||||||
|
notify: Restart fail2ban
|
||||||
|
when: ( install_iptables_rules_trusty | changed )
|
||||||
|
tags: [ 'iptables', 'iptables_rules' ]
|
||||||
|
|
||||||
|
- name: Start the iptables service immediately after the new rules have been installed, on Debian 7. This can have an impact on other tasks
|
||||||
|
service: name=iptables-persistent state=restarted enabled=yes
|
||||||
|
notify: Restart fail2ban
|
||||||
|
when: ( install_iptables_rules_deb7 | changed )
|
||||||
tags: [ 'iptables', 'iptables_rules' ]
|
tags: [ 'iptables', 'iptables_rules' ]
|
||||||
|
|
||||||
- name: Start the netfilter service immediately after the new rules have been installed. This can have an impact on other tasks
|
- name: Start the netfilter service immediately after the new rules have been installed. This can have an impact on other tasks
|
||||||
|
|
|
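Review bot: The three "Start the iptables service immediately after the new rules have been installed" tasks differ only in the registered variable they test, so any later change to the restart (service name, notify, tags) has to be made three times. A skipped install task should still register a result that does not count as changed (worth confirming on the Ansible version in use), so one task with `when: ( install_iptables_rules_precise | changed ) or ( install_iptables_rules_trusty | changed ) or ( install_iptables_rules_deb7 | changed )` would do the same job. If the per-platform tasks are kept, a short comment explaining that the registers were split because a later skipped task overwrote the shared `install_iptables_rules` variable would help the next maintainer.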
@ -178,12 +178,18 @@
|
||||||
{% if ganglia_enabled %}
|
{% if ganglia_enabled %}
|
||||||
{% if ganglia_gmond_cluster_port is defined %}
|
{% if ganglia_gmond_cluster_port is defined %}
|
||||||
# Ganglia
|
# Ganglia
|
||||||
|
{% if not ganglia_unicast_mode %}
|
||||||
{% if ganglia_gmond_use_jmxtrans is not defined or not ganglia_gmond_use_jmxtrans %}
|
{% if ganglia_gmond_use_jmxtrans is not defined or not ganglia_gmond_use_jmxtrans %}
|
||||||
-A INPUT -m pkttype --pkt-type multicast -d {{ ganglia_gmond_mcast_addr }} -j ACCEPT
|
-A INPUT -m pkttype --pkt-type multicast -d {{ ganglia_gmond_mcast_addr }} -j ACCEPT
|
||||||
{% else %}
|
{% else %}
|
||||||
-A INPUT -m pkttype --pkt-type multicast -j ACCEPT
|
-A INPUT -m pkttype --pkt-type multicast -j ACCEPT
|
||||||
-A INPUT -p udp -m udp -d {{ ganglia_gmond_mcast_addr }} --dport {{ ganglia_gmond_cluster_port }} -j ACCEPT
|
-A INPUT -p udp -m udp -d {{ ganglia_gmond_mcast_addr }} --dport {{ ganglia_gmond_cluster_port }} -j ACCEPT
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% else %}
|
||||||
|
{% for net in ganglia_unicast_networks %}
|
||||||
|
-A INPUT -p udp -m udp -s {{ net }} --dport {{ ganglia_gmond_cluster_port }} -j ACCEPT
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
-A INPUT -m state --state NEW -s {{ ganglia_gmetad_host }} -p tcp -m tcp --dport {{ ganglia_gmond_cluster_port }} -j ACCEPT
|
-A INPUT -m state --state NEW -s {{ ganglia_gmetad_host }} -p tcp -m tcp --dport {{ ganglia_gmond_cluster_port }} -j ACCEPT
|
||||||
-A INPUT -s {{ ganglia_gmetad_host }} -p udp -m udp --dport {{ ganglia_gmond_cluster_port }} -j ACCEPT
|
-A INPUT -s {{ ganglia_gmetad_host }} -p udp -m udp --dport {{ ganglia_gmond_cluster_port }} -j ACCEPT
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|