From 2a677d0bf2358a0c4d9c12c12b66373d2e2ac0b6 Mon Sep 17 00:00:00 2001
From: kbcz1989
Date: Wed, 2 Nov 2022 09:15:17 +0100
Subject: [PATCH] initial import
---
README.md | 38 +++++
defaults/main.yml | 217 +++++++++++++++++++++++++++
handlers/main.yml | 11 ++
meta/main.yml | 203 +++++++++++++++++++++++++
molecule/default/converge.yml | 12 ++
molecule/default/molecule.yml | 31 ++++
molecule/default/requirements.yml | 10 ++
molecule/default/verify.yml | 10 ++
requirements.yml | 10 ++
tasks/librenms-config.yml | 87 +++++++++++
tasks/librenms-install.yml | 135 +++++++++++++++++
tasks/librenms-postinst.yml | 15 ++
tasks/librenms-socialite.yml | 92 ++++++++++++
tasks/main.yml | 46 ++++++
tasks/nagios_plugins.yml | 7 +
tasks/packages.yml | 17 +++
tasks/rrdcached.yml | 38 +++++
tasks/user.yml | 27 ++++
templates/etc/varnish/default.vcl.j2 | 77 ++++++++++
templates/opt/librenms/config.php.j2 | 109 ++++++++++++++
tests/inventory | 2 +
tests/test.yml | 5 +
vars/main.yml | 2 +
23 files changed, 1201 insertions(+)
create mode 100644 README.md
create mode 100644 defaults/main.yml
create mode 100644 handlers/main.yml
create mode 100644 meta/main.yml
create mode 100644 molecule/default/converge.yml
create mode 100644 molecule/default/molecule.yml
create mode 100644 molecule/default/requirements.yml
create mode 100644 molecule/default/verify.yml
create mode 100644 requirements.yml
create mode 100644 tasks/librenms-config.yml
create mode 100644 tasks/librenms-install.yml
create mode 100644 tasks/librenms-postinst.yml
create mode 100644 tasks/librenms-socialite.yml
create mode 100644 tasks/main.yml
create mode 100644 tasks/nagios_plugins.yml
create mode 100644 tasks/packages.yml
create mode 100644 tasks/rrdcached.yml
create mode 100644 tasks/user.yml
create mode 100644 templates/etc/varnish/default.vcl.j2
create mode 100644 templates/opt/librenms/config.php.j2
create mode 100644 tests/inventory
create mode 100644 tests/test.yml
create mode 100644 vars/main.yml
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..225dd44
--- /dev/null
+++ b/README.md
@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+ - hosts: servers
+ roles:
+ - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..38e1e52
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,217 @@
+---
+# defaults file for ansible-role-librenms
+# packages to install
+librenms_packages:
+ - acl
+ - curl
+ - composer
+ - fping
+ - git
+ - graphviz
+ - imagemagick
+ - mtr-tiny
+ - nmap
+ - rrdtool
+ - snmp
+ - snmpd
+ - whois
+ - python3-pymysql
+ - python3-dotenv
+ - python3-redis
+ - python3-setuptools
+ - python3-systemd
+ - python3-pip
+
+# User and group to create with home directory
+librenms_user: librenms
+librenms_home: /opt/librenms
+librenms_group: "{{ librenms_user }}"
+
+# SQL database to create
+librenms_sql_databases:
+ - name: librenms
+ encoding: utf8mb4
+ collation: utf8mb4_unicode_ci
+
+# SQL database password, must be set
+# librenms_sql_db_password:
+
+# SQL Users to create
+librenms_sql_users:
+ - name: librenms
+ password: "{{ librenms_sql_db_password | default('TYkjTw2S9aWpMnyu', true) }}"
+ priv: "librenms.*:ALL"
+
+# Default admin user and password
+librenms_admin_user: admin
+
+# only set once during installation
+librenms_admin_password: admin
+
+# The auth mechanism to use (mysql, ldap)
+librenms_config_auth_mechanism: mysql
+
+# The librenms baseurl
+librenms_config_base_url: "http://{{ librenms_config_mydomain }}"
+
+# The librenms domain
+librenms_config_mydomain: "{{ inventory_hostname }}"
+
+# Ignore interfaces
+librenms_config_bad_if_regexps:
+ - '/^docker[\w]+$/'
+ - '/^lxcbr[0-9]+$/'
+ - '/^fwln.+$/'
+ - '/^fwpr.+$/'
+ - '/^fwbr.+$/'
+ - '/^br.+$/'
+ - '/^veth.*$/'
+ - '/^virbr.*$/'
+ - '/^lo$/'
+ - '/^sit.*$/'
+ - '/^dummy.*$/'
+# - '/^macvtap.*$/'
+# - '/tun[0-9]+$/'
+
+# Ignore the following mounts
+librenms_ignore_mounts:
+ # common
+ - /run
+ - /run/lock
+ - /sys/fs/cgroup
+ - /dev/shm
+ # pve
+ - /boot/efi
+ # synology
+ - /tmp
+ # thecus
+ - /rom
+ - /syslog
+ - /var
+ - /etc
+
+# Ignore the following mounts (regex)
+librenms_ignore_mounts_regexp: []
+# e.g.
+#
+# # jenkins and jenkins nodes
+# - /^\/run\/user\/\d+/
+# # NFS mount points on thecus
+# - /^\/raid\d+\/data\/_NAS_NFS_Exports_\/.+/
+# # Thecus raidsys
+# - /^\/raidsys\/\d+/
+
+# Path to the rrdached socket.
+librenms_rrdcached: unix:/var/run/rrdcached.sock
+librenms_rrdcached_settings:
+ - key: WRITE_TIMEOUT
+ value: 1800
+ - key: WRITE_JITTER
+ value: 1800
+ - key: WRITE_THREADS
+ value: 4
+ - key: BASE_PATH
+ value: "{{ librenms_home}}/rrd/"
+ - key: SOCKGROUP
+ value: librenms
+ - key: DAEMON_GROUP
+ value: librenms
+ - key: DAEMON_USER
+ value: librenms
+ - key: BASE_OPTIONS
+ value: "-B -F -R"
+
+# The rrdtool version that is used
+librenms_rrdtool_version: 1.7.0
+
+# Networks for autodiscovery
+librenms_config_nets: []
+# - 192.168.10.0/24
+
+# snmp configuration
+librenms_config_snmp_timeout: 1
+librenms_config_snmp_retries: 3
+librenms_config_snmp_community: community
+librenms_config_snmp_authlevel: authPriv
+# must be set!
+# librenms_config_snmp_authname: # "snmp-user"
+# librenms_config_snmp_authpass: # "snmp-password"
+# librenms_config_snmp_cryptopass: # "snmp-encryption"
+
+# When set to true ldap is configured and the other ldap variables must be set
+librenms_config_ldap: false
+# The server to use
+librenms_config_auth_ldap_server: # e.g. ldap.main.corp
+# The server to use
+librenms_config_auth_ldap_suffix: # e.g. "ou=users,ou=location,dc=main,dc=corp"
+librenms_config_auth_ldap_groupbase: # e.g. "ou=groups,ou=location,dc=main,dc=corp"
+librenms_config_auth_ldap_group: # e.g. "cn=all,ou=groups,ou=location,dc=main,dc=corp"
+librenms_config_auth_ldap_binddn: # e.g. "uid=ldapbind,ou=system,ou=location,dc=main,dc=corp"
+librenms_config_auth_ldap_bindpassword: # e.g. "password_from_ldapbinduser"
+
+# Enables, disables proxmox in librenms
+librenms_config_enable_proxmox: 1
+
+# Enables/Disables influxdb feature
+librenms_config_influxdb_enable: false
+# The influxdb host
+librenms_config_influxdb_host:
+# The influxdb port
+librenms_config_influxdb_port: 8006
+# The influxdb database to use
+librenms_config_influxdb_db: librenms
+# The username for the influxdb
+librenms_config_influxdb_username: librenms
+# The password for the influxdb
+librenms_config_influxdb_password: librenms
+
+librenms_nagios_plugins_dir: /usr/lib/nagios/plugins
+
+librenms_nagios_plugins:
+ - url: https://gist.githubusercontent.com/tobias-richter/5d73a0bab773ee24f01a93cea20059d9/raw/df17577e2bade03fa5068c5571b5bbb2e6cff6d2/check_mdraid_mismatch
+ name: check_mdraid_mismatch
+
+librenms_git_tag:
+
+librenms_environment_settings:
+ - old_line: "^#DB_HOST="
+ new_line: "DB_HOST=localhost"
+ - old_line: "^#DB_DATABASE="
+ new_line: "DB_DATABASE={{ librenms_sql_databases[0].name }}"
+ - old_line: "^#DB_USERNAME="
+ new_line: "DB_USERNAME={{ librenms_sql_users[0].name }}"
+ - old_line: "^#DB_PASSWORD="
+ new_line: "DB_PASSWORD={{ librenms_sql_db_password }}"
+ - old_line: "^#APP_URL="
+ new_line: "APP_URL=http://{{ librenms_config_mydomain }}"
+
+librenms_custom_config:
+
+librenms_install_mysql: true
+librenms_install_php: true
+librenms_install_apache: true
+librenms_install_snmp: true
+librenms_install_varnish: false
+
+varnish_version: "7.1"
+varnish_secret: "14bac2e6-1e34-4770-8078-974373b76c90"
+varnish_storage: "malloc,512M"
+varnishd_extra_options: "-p thread_pool_min=5 -p thread_pool_max=500 -p thread_pool_timeout=300"
+varnish_default_vcl_template_path: etc/varnish/default.vcl.j2
+
+librenms_socialite_providers:
+librenms_socialite_plugins_saml2_metadata_url:
+
+librenms_socialite_settings:
+# register: "false"
+# redirect: "false"
+librenms_socialite_microsoft_plugin_install: false
+librenms_socialite_microsoft_plugin_settings:
+# client_id:
+# client_secret:
+# tenant:
+librenms_socialite_saml_plugin_install: false
+librenms_socialite_saml_plugin_settings:
+# metadata:
+
+librenms_postinst_config: []
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..e7cd08b
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,11 @@
+---
+# handlers file for ansible-role-librenms
+- name: restart apache
+ service:
+ name: "apache2"
+ state: "restarted"
+
+- name: restart rrdcached
+ service:
+ name: "rrdcached"
+ state: "restarted"
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..b112c69
--- /dev/null
+++ b/meta/main.yml
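Review bot: Several defaults in defaults/main.yml are usable credentials, so a deployment that overrides nothing ends up with secrets anyone can read in this repository: the `librenms_sql_users` password falls back to `'TYkjTw2S9aWpMnyu'`, `librenms_admin_password` is `admin`, `varnish_secret` is a fixed UUID, and `librenms_config_influxdb_password` and `librenms_config_snmp_community` are `librenms` and `community`. The SQL fallback also disagrees with `DB_PASSWORD={{ librenms_sql_db_password }}` in `librenms_environment_settings`, which has no default, so leaving the variable unset either fails templating or leaves `.env` out of step with the MySQL user. I would drop the fallback (`password: "{{ librenms_sql_db_password }}"`), leave the other secrets undefined, and fail early in the tasks when they are missing. `librenms_config_base_url` and `APP_URL` are hard-coded to `http://` although the Apache dependency in meta/main.yml redirects to HTTPS.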
@@ -0,0 +1,203 @@
+---
+galaxy_info:
+ author: kbcz1989
+ description: Ansible Role for setting up and managing librenms.
+ license: MIT
+ min_ansible_version: 2.7
+
+ platforms:
+ - name: Ubuntu
+ versions:
+ - focal
+
+ galaxy_tags:
+ - librenms
+ - monitoring
+ - snmp
+
+dependencies:
+ - role: geerlingguy.mysql
+ vars:
+ mysql_packages:
+ - mariadb-client
+ - mariadb-server
+ - python3-mysqldb
+ mysql_databases: "{{ librenms_sql_databases }}"
+ mysql_users: "{{ librenms_sql_users }}"
+ mysql_bind_address: '127.0.0.1'
+ mysql_innodb_file_per_table: "1"
+ mysql_lower_case_table_names: "0"
+ when: librenms_install_mysql | default(false, true)
+ tags: mysql
+
+# - role: geerlingguy.php
+# vars:
+# php_enable_php_fpm: true
+# php_fpm_state: started
+# php_fpm_enabled_on_boot: true
+# php_fpm_handler_state: restarted
+# php_fpm_pools:
+# - pool_name: librenms
+# pool_template: www.conf.j2
+# pool_listen: "/run/php-fpm-librenms.sock"
+# pool_listen_allowed_clients: "127.0.0.1"
+# pool_pm: dynamic
+# pool_pm_max_children: 5
+# pool_pm_start_servers: 2
+# pool_pm_min_spare_servers: 1
+# pool_pm_max_spare_servers: 3
+# pool_pm_max_requests: 500
+# php_fpm_pool_user: "{{ librenms_user }}"
+# php_fpm_pool_group: "{{ librenms_group }}"
+# php_date_timezone: "Europe/Stockholm"
+# php_packages_extra:
+# - php7.4-gmp
+# - php7.4-mysql
+# - php7.4-snmp
+# - php7.4-zip
+# when: librenms_install_php | default(false, true)
+# tags: php
+
+ - role: geerlingguy.apache
+ vars:
+ apache_remove_default_vhost: true
+ apache_allow_override: "All"
+ apache_options: "-Indexes +FollowSymLinks"
+ apache_mods_enabled:
+ - proxy_fcgi
+ - setenvif
+ - rewrite
+ - proxy
+ - ssl
+ apache_vhosts:
+ - servername: "{{ ansible_fqdn }}"
+ documentroot: "/var/www/html"
+ extra_parameters: |
+
+ RewriteEngine On
+ RewriteCond %{HTTPS} !=on
+ RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
+
+ apache_vhosts_ssl:
+ - servername: "{{ ansible_fqdn }}"
+ documentroot: "{{ librenms_home }}/html/"
+ certificate_file: "/etc/ssl/certs/ssl-cert-snakeoil.pem"
+ certificate_key_file: "/etc/ssl/private/ssl-cert-snakeoil.key"
+ extra_parameters: |
+ AllowEncodedSlashes NoDecode
+
+ Require all granted
+ AllowOverride All
+ Options FollowSymLinks MultiViews
+
+
+ # Enable http authorization headers
+
+ SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
+
+
+
+ SetHandler "proxy:unix:/run/php-fpm-librenms.sock|fcgi://localhost"
+
+ when:
+ - librenms_install_apache | default(false, true)
+ - not librenms_install_varnish
+ tags: apache
+
+ - role: geerlingguy.apache
+ vars:
+ apache_remove_default_vhost: true
+ apache_allow_override: "All"
+ apache_options: "-Indexes +FollowSymLinks"
+ apache_mods_enabled:
+ - proxy_fcgi
+ - setenvif
+ - rewrite
+ - proxy
+ - ssl
+ - headers
+ - proxy_http
+ apache_listen_port: 8080
+ apache_vhosts:
+ - servername: "{{ ansible_fqdn }}"
+ documentroot: "{{ librenms_home }}/html/"
+ extra_parameters: |
+ AllowEncodedSlashes NoDecode
+
+ Require all granted
+ AllowOverride All
+ Options FollowSymLinks MultiViews
+
+
+ # Enable http authorization headers
+
+ SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
+
+
+
+ SetHandler "proxy:unix:/run/php-fpm-librenms.sock|fcgi://localhost"
+
+
+ apache_vhosts_ssl:
+ - servername: "{{ ansible_fqdn }}"
+ certificate_file: "/etc/ssl/certs/ssl-cert-snakeoil.pem"
+ certificate_key_file: "/etc/ssl/private/ssl-cert-snakeoil.key"
+ extra_parameters: |
+ RequestHeader set X-Forwarded-Proto "https"
+ ProxyPreserveHost On
+ ProxyPass / http://127.0.0.1:80/
+ ProxyPassReverse / http://127.0.0.1:80/
+ when:
+ - librenms_install_apache | default(false, true)
+ - librenms_install_varnish
+ tags: apache
+
+ - role: ansible-role-snmp
+ vars:
+ snmp_install: true
+ snmp_manage_config: true
+ snmp_syslocation: "Rack, Room, Building, City, Country [Lat, Lon]"
+ snmp_syscontact: Your Name
+ snmp_security_names:
+ - name: readonly
+ source: default
+ community: RANDOMSTRINGGOESHERE
+ snmp_groups:
+ - name: MyROGroup
+ security_model: v2c
+ security_name: readonly
+ snmp_accesses:
+ - group: MyROGroup
+ context: ""
+ security_model: any
+ security_level: noauth
+ prefix: exact
+ read: all
+ write: none
+ notif: none
+ snmp_views:
+ - name: all
+ type: included
+ subtree: ".1"
+ snmp_custom_config: |
+ extend distro /usr/bin/distro
+ extend hardware '/bin/cat /sys/devices/virtual/dmi/id/product_name'
+ extend manufacturer '/bin/cat /sys/devices/virtual/dmi/id/sys_vendor'
+ extend serial '/bin/cat /sys/devices/virtual/dmi/id/product_serial'
+ extend osupdate /usr/bin/osupdate
+ snmp_download_files:
+ - name: distro
+ url: https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro
+ path: /usr/bin/distro
+ mode: '0755'
+ - name: osupdate
+ url: https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/osupdate
+ path: /usr/bin/osupdate
+ mode: '0755'
+ snmp_set_product_serial_permissions: true
+ when: librenms_install_snmp | default(false, true)
+ tags: snmp
+
+ - role: geerlingguy.varnish
+ when: librenms_install_varnish | default(false, true)
+ tags: varnish
diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
new file mode 100644
index 0000000..80a2633
--- /dev/null
+++ b/molecule/default/converge.yml
@@ -0,0 +1,12 @@
+---
+- name: Converge
+ hosts: all
+ tasks:
+ # replace these tasks with whatever you find suitable to test
+ - name: Copy something to test use of synchronize module
+ ansible.builtin.copy:
+ src: /etc/hosts
+ dest: /tmp/hosts-from-controller
+ - name: "Include kbcz1989.librenms"
+ ansible.builtin.include_role:
+ name: "librenms"
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
new file mode 100644
index 0000000..7697728
--- /dev/null
+++ b/molecule/default/molecule.yml
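Review bot: The `ansible-role-snmp` dependency in meta/main.yml configures snmpd with `community: RANDOMSTRINGGOESHERE`, `source: default` and a `noauth` v2c read view over `.1`, all as fixed role vars, so every host gets the same placeholder community accepted from any source address unless the consumer overrides role-level vars. These should come from role defaults, e.g. `community: "{{ librenms_config_snmp_community }}"`, together with a restricted `source`. The `snmp_download_files` entries fetch `distro` and `osupdate` from the `master` branch into `/usr/bin` with mode `0755` and wire them into `extend`, so snmpd runs whatever that branch holds at deploy time; pin the URLs to a commit and verify a checksum. Both SSL vhosts also point at the `ssl-cert-snakeoil` pair with no variable to replace it.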
@@ -0,0 +1,31 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: podman
+platforms:
+ - name: ubuntu
+ image: geerlingguy/docker-ubuntu2004-ansible
+ tmpfs:
+ - /run
+ - /tmp
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ capabilities:
+ - SYS_ADMIN
+ command: "/lib/systemd/systemd"
+ pre_build_image: true
+provisioner:
+ name: ansible
+ config_options:
+ defaults:
+ interpreter_python: auto_silent
+ callback_whitelist: profile_tasks, timer, yaml
+ ssh_connection:
+ pipelining: false
+verifier:
+ name: ansible
+lint: |
+ set -e
+ yamllint .
+ ansible-lint .
diff --git a/molecule/default/requirements.yml b/molecule/default/requirements.yml
new file mode 100644
index 0000000..d1e1a30
--- /dev/null
+++ b/molecule/default/requirements.yml
@@ -0,0 +1,10 @@
+- name: ansible-role-snmp
+ src: https://github.com/kbcz1989/ansible-role-snmp.git
+ version: v1.1.0
+- name: ansible-role-ntp
+ src: https://github.com/geerlingguy/ansible-role-ntp.git
+ version: efef608db8a0e729c0635fd5fe36902705796f63
+- name: geerlingguy.mysql
+- name: geerlingguy.php
+- name: geerlingguy.apache
+- name: geerlingguy.varnish
diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml
new file mode 100644
index 0000000..79044cd
--- /dev/null
+++ b/molecule/default/verify.yml
@@ -0,0 +1,10 @@
+---
+# This is an example playbook to execute Ansible tests.
+
+- name: Verify
+ hosts: all
+ gather_facts: false
+ tasks:
+ - name: Example assertion
+ assert:
+ that: true
diff --git a/requirements.yml b/requirements.yml
new file mode 100644
index 0000000..d1e1a30
--- /dev/null
+++ b/requirements.yml
@@ -0,0 +1,10 @@
+- name: ansible-role-snmp
+ src: https://github.com/kbcz1989/ansible-role-snmp.git
+ version: v1.1.0
+- name: ansible-role-ntp
+ src: https://github.com/geerlingguy/ansible-role-ntp.git
+ version: efef608db8a0e729c0635fd5fe36902705796f63
+- name: geerlingguy.mysql
+- name: geerlingguy.php
+- name: geerlingguy.apache
+- name: geerlingguy.varnish
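Review bot: The four `geerlingguy.*` entries in molecule/default/requirements.yml carry no `version`, so `ansible-galaxy install` pulls whatever release is current at install time, and these roles then configure MySQL, Apache and Varnish on the target. `ansible-role-snmp` is pinned only to the tag `v1.1.0`, which can be moved, while `ansible-role-ntp` is the one entry pinned to a commit hash. Pin every entry, e.g. add `version: <RELEASE_TAG_OR_COMMIT>` under `- name: geerlingguy.mysql`. The identical list in the top-level requirements.yml hunk that follows needs the same change.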
diff --git a/tasks/librenms-config.yml b/tasks/librenms-config.yml
new file mode 100644
index 0000000..bc6bad2
--- /dev/null
+++ b/tasks/librenms-config.yml
@@ -0,0 +1,87 @@
+---
+- name: Update environment settings in "{{ librenms_home }}/.env"
+ lineinfile:
+ path: "{{ librenms_home }}/.env"
+ regex: "{{ item.old_line }}"
+ line: "{{ item.new_line }}"
+ with_items: "{{ librenms_environment_settings }}"
+ no_log: true
+
+- name: Build DB
+ become: True
+ become_user: "{{ librenms_user }}"
+ vars:
+ ansible_command_timeout: 3600
+ command: lnms migrate --force
+ args:
+ chdir: "{{ librenms_home }}"
+ register: build_db
+ changed_when: "'Nothing to migrate.' not in build_db.stdout"
+ tags:
+ - build_db
+
+- name: Create admin user and password.
+ command: "./adduser.php {{ librenms_admin_user }} {{ librenms_admin_password }} 10"
+ args:
+ chdir: "{{ librenms_home }}"
+ become_user: "{{ librenms_user }}"
+ become: true
+ register: librenms_admin_user
+ changed_when: "'User admin already exists!' not in librenms_admin_user.stdout"
+ tags:
+ - librenms_admin_user
+
+- name: Deploy config.php
+ template:
+ src: opt/librenms/config.php.j2
+ dest: "{{ librenms_home }}/config.php"
+ owner: "{{ librenms_user }}"
+ group: "{{ librenms_group }}"
+ mode: 0640
+ tags:
+ - config.php
+ notify:
+ - restart apache
+
+- name: Delete "INSTALL=true" in "{{ librenms_home }}/.env"
+ lineinfile:
+ path: "{{ librenms_home }}/.env"
+ line: "INSTALL=true"
+ state: absent
+ tags:
+ - delete_INSTALL
+
+- name: Load distribution cron file
+ slurp:
+ src: "{{ librenms_home }}/librenms.nonroot.cron"
+ register: distribution_cron
+ tags:
+ - cronjob
+
+- name: Deploy librenms cronjob
+ copy:
+ content: "{{ distribution_cron.content | b64decode | replace('/opt/librenms', librenms_home) }}"
+ dest: /etc/cron.d/librenms
+ mode: 0644
+ force: no
+ become: true
+ tags:
+ - cronjob
+
+- name: Load distribution logrotate file
+ slurp:
+ src: "{{ librenms_home }}/misc/librenms.logrotate"
+ register: distribution_logrotate
+ tags:
+ - logrotate
+
+- name: Deploy librenms logrotate
+ copy:
+ content: "{{ distribution_logrotate.content | b64decode | replace('/opt/librenms', librenms_home) }}"
+ dest: /etc/logrotate.d/librenms
+ mode: 0644
+ force: no
+ become: true
+ tags:
+ - logrotate
+
diff --git a/tasks/librenms-install.yml b/tasks/librenms-install.yml
new file mode 100644
index 0000000..62bb796
--- /dev/null
+++ b/tasks/librenms-install.yml
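Review bot: The `Create admin user and password.` task in tasks/librenms-config.yml passes `{{ librenms_admin_password }}` as a command-line argument without `no_log: true`, so the password appears in Ansible output and logs and in the target's process list; add `no_log: true` as the `.env` task at the top of the file already does. The same task uses `register: librenms_admin_user`, which would shadow the role variable of that name with the command result for the rest of the play; register into a separate name such as `register: __librenms_adduser`. `changed_when` matches the literal `'User admin already exists!'`, which stops working as soon as `librenms_admin_user` is not `admin`. The unquoted `mode: 0640` and `mode: 0644` values are better written as quoted strings, like the `'0771'` used in tasks/librenms-install.yml.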
@@ -0,0 +1,135 @@
+---
+- name: Check if librenms is already installed
+ stat:
+ path: "{{ librenms_home }}/.git"
+ register: __librenms_path
+ tags:
+ - git_clone
+
+- name: Get latest librenms release
+ uri:
+ url: https://api.github.com/repos/librenms/librenms/releases/latest
+ return_content: true
+ delegate_to: localhost
+ register: json_response
+ become: false
+ run_once: true
+ when: not librenms_git_tag
+ tags:
+ - git_clone
+
+- name: Create librenms home
+ ansible.builtin.file:
+ path: "{{ librenms_home }}"
+ state: directory
+ mode: '0771'
+ owner: "{{ librenms_user }}"
+ group: "{{ librenms_group }}"
+ tags:
+ - git_clone
+ - create_home
+
+- name: Clone librenms repo
+ git:
+ repo: https://github.com/librenms/librenms.git
+ dest: "{{ librenms_home }}"
+ version: "{{ librenms_git_tag | default(json_response.json.tag_name, true) }}"
+ become: true
+ become_user: "{{ librenms_user }}"
+ vars:
+ ansible_remote_tmp: /tmp/ansible_librenms_clone_repo
+ when: not __librenms_path.stat.exists
+ tags:
+ - git_clone
+
+- name: Change ownership
+ file:
+ path: "{{ librenms_home }}"
+ owner: "{{ librenms_user }}"
+ group: "{{ librenms_group }}"
+ recurse: true
+ tags:
+ - ownership
+
+- name: "Apply permissions on {{ librenms_home }}"
+ file:
+ path: "{{ librenms_home }}"
+ mode: u=rwX,g=rwX
+ tags:
+ - permissions
+
+- name: Set acls
+ acl:
+ default: "{{ item.default | default(false) }}"
+ path: "{{ item.path }}"
+ permissions: "rwx"
+ etype: "group"
+ entity: "{{ librenms_group }}"
+ recursive: "{{ item.recursive | default(false) }}"
+ state: present
+ with_items:
+ # default rules
+ - path: "{{ librenms_home }}/rrd"
+ default: true
+ - path: "{{ librenms_home }}/logs"
+ default: true
+ - path: "{{ librenms_home }}/bootstrap/cache/"
+ default: true
+ - path: "{{ librenms_home }}/storage/"
+ default: true
+ # apply recursive
+ - path: "{{ librenms_home }}/rrd"
+ recursive: true
+ - path: "{{ librenms_home }}/logs"
+ recursive: true
+ - path: "{{ librenms_home }}/bootstrap/cache/"
+ recursive: true
+ - path: "{{ librenms_home }}/storage/"
+ recursive: true
+ tags:
+ - acls
+
+- name: Install python requirements.
+ pip:
+ executable: /usr/bin/pip3
+ requirements: "{{ librenms_home }}/requirements.txt"
+ become_user: "{{ librenms_user }}"
+ become: yes
+ tags:
+ - pip
+
+- name: Install PHP composer as librenms user # noqa 301
+ become: True
+ become_user: "{{ librenms_user }}"
+ vars:
+ ansible_command_timeout: 3600
+ command: ./scripts/composer_wrapper.php install --no-dev
+ args:
+ chdir: "{{ librenms_home }}"
+ tags:
+ - composer
+
+- name: Enable lnms command completion - link
+ file:
+ src: "{{ librenms_home }}/lnms"
+ dest: /usr/local/bin/lnms
+ state: link
+ tags:
+ - lnms
+
+- name: Enable lnms command completion - copy file
+ copy:
+ remote_src: true
+ src: "{{ librenms_home }}/misc/lnms-completion.bash"
+ dest: /etc/bash_completion.d/
+ tags:
+ - lnms
+
+#- name: Update running daily.sh. # noqa 301
+# command: "./daily.sh"
+# args:
+# chdir: "{{ librenms_home }}"
+# become_user: "{{ librenms_user }}"
+# become: yes
+# tags:
+# - run_daily.sh
diff --git a/tasks/librenms-postinst.yml b/tasks/librenms-postinst.yml
new file mode 100644
index 0000000..8f10dae
--- /dev/null
+++ b/tasks/librenms-postinst.yml
@@ -0,0 +1,15 @@
+---
+- name: LibreNMS postinst configuration
+ become: True
+ become_user: "{{ librenms_user }}"
+ vars:
+ ansible_command_timeout: 3600
+ shell: "lnms {{ item }}"
+ args:
+ chdir: "{{ librenms_home }}"
+ with_items: "{{ librenms_postinst_config | default([], true) }}"
+ when: librenms_postinst_config is defined
+ tags:
+ - librenms
+ - librenms_postinst
+
diff --git a/tasks/librenms-socialite.yml b/tasks/librenms-socialite.yml
new file mode 100644
index 0000000..a682884
--- /dev/null
+++ b/tasks/librenms-socialite.yml
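Review bot: `Create librenms home` in tasks/librenms-install.yml uses `mode: '0771'`, which keeps the traverse bit for other users on a tree that holds `.env` and `config.php` with database credentials; since tasks/user.yml puts `www-data` in the role's group, `mode: '0770'` looks sufficient. With `librenms_git_tag` unset, `Clone librenms repo` checks out whatever `releases/latest` returns at run time, so the defaults should say that setting the tag is the reproducible path. `Enable lnms command completion - copy file` sets no `mode` or `owner`, so the file in `/etc/bash_completion.d/` inherits whatever the source had; add `owner: root`, `group: root`, `mode: '0644'`.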
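Review bot: The task in tasks/librenms-postinst.yml runs `shell: "lnms {{ item }}"`, so every entry of `librenms_postinst_config` is interpreted by the shell, metacharacters included, although nothing here needs shell features. `command: "lnms {{ item }}"` keeps the argument splitting and matches the other `lnms` tasks in this patch. The task also has no `changed_when`, so it reports changed on every run, and `when: librenms_postinst_config is defined` is always true because defaults/main.yml sets the variable to `[]`.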
@@ -0,0 +1,92 @@
+---
+- name: Configure Socialite
+ command: "lnms config:set auth.socialite.{{ item.key }} {{ item.value }}"
+ become: yes
+ become_user: "{{ librenms_user }}"
+ args:
+ chdir: "{{ librenms_home }}"
+ with_dict: "{{ librenms_socialite_settings }}"
+ when: (librenms_socialite_settings is defined) and (librenms_socialite_settings|length > 0)
+ tags:
+ - librenms_socialite
+ - librenms_socialite_settings
+
+- name: Install Socialite Microsoft plugin
+ become: yes
+ become_user: "{{ librenms_user }}"
+ vars:
+ ansible_command_timeout: 3600
+ command: "lnms plugin:add socialiteproviders/microsoft"
+ args:
+ chdir: "{{ librenms_home }}"
+ when: librenms_socialite_microsoft_plugin_install | default(false, true)
+ tags:
+ - librenms_socialite
+ - librenms_socialite_microsoft_plugin_install
+
+- name: Enable Socialite Microsoft plugin
+ become: yes
+ become_user: "{{ librenms_user }}"
+ vars:
+ ansible_command_timeout: 3600
+ command: 'lnms config:set auth.socialite.configs.microsoft.listener "\SocialiteProviders\Microsoft\MicrosoftExtendSocialite"'
+ args:
+ chdir: "{{ librenms_home }}"
+ when: librenms_socialite_microsoft_plugin_install | default(false, true)
+ tags:
+ - librenms_socialite
+ - librenms_socialite_microsoft_plugin_install
+
+- name: Configure Socialite Microsoft plugin
+ become: yes
+ become_user: "{{ librenms_user }}"
+ vars:
+ ansible_command_timeout: 3600
+ command: "lnms config:set auth.socialite.configs.microsoft.{{ item.key }} {{ item.value }}"
+ args:
+ chdir: "{{ librenms_home }}"
+ with_dict: "{{ librenms_socialite_microsoft_plugin_settings | default([], true) }}"
+ when: librenms_socialite_microsoft_plugin_settings is defined
+ tags:
+ - librenms_socialite
+ - librenms_socialite_microsoft_plugin_settings
+
+- name: Install Socialite SAML plugin
+ become: yes
+ become_user: "{{ librenms_user }}"
+ vars:
+ ansible_command_timeout: 3600
+ command: "lnms plugin:add socialiteproviders/saml2"
+ args:
+ chdir: "{{ librenms_home }}"
+ when: librenms_socialite_saml_plugin_install | default(false, true)
+ tags:
+ - librenms_socialite
+ - librenms_socialite_saml_plugin_install
+
+- name: Enable Socialite SAML plugin
+ become: yes
+ become_user: "{{ librenms_user }}"
+ vars:
+ ansible_command_timeout: 3600
+ command: 'lnms config:set auth.socialite.configs.saml2.listener "\SocialiteProviders\Saml2\Saml2ExtendSocialite"'
+ args:
+ chdir: "{{ librenms_home }}"
+ when: librenms_socialite_saml_plugin_install | default(false, true)
+ tags:
+ - librenms_socialite
+ - librenms_socialite_saml_plugin_install
+
+- name: Configure Socialite SAML plugin
+ become: yes
+ become_user: "{{ librenms_user }}"
+ vars:
+ ansible_command_timeout: 3600
+ command: "lnms config:set auth.socialite.configs.saml2.{{ item.key }} {{ item.value }}"
+ args:
+ chdir: "{{ librenms_home }}"
+ with_dict: "{{ librenms_socialite_saml_plugin_settings | default([], true) }}"
+ when: librenms_socialite_saml_plugin_settings is defined
+ tags:
+ - librenms_socialite
+ - librenms_socialite_saml_plugin_settings
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..e774038
--- /dev/null
+++ b/tasks/main.yml
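Review bot: `Configure Socialite Microsoft plugin` and `Configure Socialite SAML plugin` in tasks/librenms-socialite.yml place `{{ item.value }}` on the `lnms config:set` command line without `no_log: true`, and the keys documented in defaults/main.yml include `client_secret`, so the OAuth secret ends up in task output and in the target's process list. Add `no_log: true` to those two loops and quote the value, `{{ item.value | quote }}`, because `command` splits an unquoted value that contains spaces. In `Configure Socialite`, the shipped default leaves `librenms_socialite_settings` null, so `librenms_socialite_settings|length > 0` looks likely to raise instead of skipping; `librenms_socialite_settings | default({}, true) | length > 0` would skip cleanly. The `with_dict` fallbacks use `default([], true)` where `default({}, true)` is the matching type.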
@@ -0,0 +1,46 @@
+---
+# tasks file for ansible-role-librenms
+- name: Install packages
+ import_tasks: packages.yml
+ tags:
+ - packages
+
+- name: Configure user.
+ import_tasks: user.yml
+ tags:
+ - user
+
+- name: Install librenms.
+ import_tasks: librenms-install.yml
+ tags:
+ - librenms-install
+ - librenms
+
+- name: Install rrdcached.
+ import_tasks: rrdcached.yml
+ tags:
+ - rrdcached
+
+- name: Install nagios plugins.
+ import_tasks: nagios_plugins.yml
+ tags:
+ - nagios-plugins
+ - nagios
+
+- name: Configure librenms.
+ import_tasks: librenms-config.yml
+ tags:
+ - librenms-config
+ - librenms
+
+- name: Install and configure Socialite
+ import_tasks: librenms-socialite.yml
+ tags:
+ - librenms_socialite
+ - librenms
+
+- name: LibreNMS postinst configuration
+ import_tasks: librenms-postinst.yml
+ tags:
+ - librenms_postinst
+ - librenms
diff --git a/tasks/nagios_plugins.yml b/tasks/nagios_plugins.yml
new file mode 100644
index 0000000..a4ac176
--- /dev/null
+++ b/tasks/nagios_plugins.yml
@@ -0,0 +1,7 @@
+---
+- name: Install additional nagios plugins.
+ get_url:
+ url: "{{ item.url }}"
+ dest: "{{ librenms_nagios_plugins_dir }}/{{ item.name }}"
+ mode: 0755
+ with_items: "{{ librenms_nagios_plugins }}"
diff --git a/tasks/packages.yml b/tasks/packages.yml
new file mode 100644
index 0000000..48643df
--- /dev/null
+++ b/tasks/packages.yml
@@ -0,0 +1,17 @@
+---
+- name: "Enable universe repo"
+ apt_repository:
+ repo: '{{ item }}'
+ state: present
+ with_items:
+ - "deb http://archive.ubuntu.com/ubuntu {{ ansible_distribution_release }} universe"
+ - "deb http://archive.ubuntu.com/ubuntu {{ ansible_distribution_release }}-updates universe"
+ when: ansible_architecture == "x86_64" and
+ ansible_distribution == "Ubuntu"
+
+- name: install required packages.
+ apt:
+ name: "{{ librenms_packages }}"
+ cache_valid_time: 3600
+ when: ansible_architecture == "x86_64" and
+ ansible_distribution == "Ubuntu"
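Review bot: `Install additional nagios plugins.` in tasks/nagios_plugins.yml downloads each `librenms_nagios_plugins` entry with `get_url` and installs it as an executable (`mode: 0755`) with no integrity check. The default URL in defaults/main.yml is pinned to a gist revision, but entries supplied by a consumer need not be. Accept an optional per-item checksum, `checksum: "{{ item.checksum | default(omit) }}"`, and document the key next to `librenms_nagios_plugins`.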
diff --git a/tasks/rrdcached.yml b/tasks/rrdcached.yml
new file mode 100644
index 0000000..6506337
--- /dev/null
+++ b/tasks/rrdcached.yml
@@ -0,0 +1,38 @@
+- name: install rrdcached.
+ apt:
+ name: rrdcached
+ cache_valid_time: 3600
+ when: ansible_architecture == "x86_64" and
+ ansible_os_family == "Debian" and
+ librenms_rrdcached is defined
+ tags:
+ - rrdcached
+ - rrdcached_install
+
+- name: Update /etc/default/rrdcached
+ lineinfile:
+ path: "/etc/default/rrdcached"
+ regex: '^#*\s*{{ item.key }}.*$'
+ line: "{{ item.key }}={{ item.value }}"
+ with_items: "{{ librenms_rrdcached_settings }}"
+ when: ansible_architecture == "x86_64" and
+ ansible_os_family == "Debian" and
+ librenms_rrdcached is defined
+ notify:
+ - restart rrdcached
+ tags:
+ - rrdcached
+ - rrdcached_configure
+
+- name: Change ownership on /var/lib/rrdcached/
+ file:
+ path: "/var/lib/rrdcached"
+ owner: "{{ librenms_user }}"
+ group: "{{ librenms_group }}"
+ recurse: true
+ when: ansible_architecture == "x86_64" and
+ ansible_os_family == "Debian" and
+ librenms_rrdcached is defined
+ tags:
+ - rrdcached
+ - rrdcached_ownership
diff --git a/tasks/user.yml b/tasks/user.yml
new file mode 100644
index 0000000..ee17d49
--- /dev/null
+++ b/tasks/user.yml
@@ -0,0 +1,27 @@
+---
+- name: Create librenms group.
+ group:
+ name: "{{ librenms_group }}"
+ state: present
+
+- name: Create librenms user.
+ user:
+ name: "{{ librenms_user }}"
+ shell: /bin/bash
+ group: "{{ librenms_group }}"
+ home: "{{ librenms_home }}"
+ create_home: no
+ append: no
+ system: yes
+ state: present
+ notify:
+ - restart apache
+
+- name: Add www-data to librenms group.
+ user:
+ name: www-data
+ groups:
+ - www-data
+ - "{{ librenms_group }}"
+ notify:
+ - restart apache
diff --git a/templates/etc/varnish/default.vcl.j2 b/templates/etc/varnish/default.vcl.j2
new file mode 100644
index 0000000..30e191e
--- /dev/null
+++ b/templates/etc/varnish/default.vcl.j2
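Review bot: `Add www-data to librenms group.` in tasks/user.yml passes `groups:` without `append: true`, and the `user` module then sets the account's supplementary groups to exactly that list, removing `www-data` from any other group it belonged to. Use `groups: "{{ librenms_group }}"` with `append: true`. `Create librenms user.` gives a system service account `shell: /bin/bash`; a non-login shell would be the tighter default if the LibreNMS cron jobs and `become_user` tasks still work with it.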
@@ -0,0 +1,77 @@
+#
+# This is an example VCL file for Varnish.
+#
+# It does not do anything by default, delegating control to the
+# builtin VCL. The builtin VCL is called when there is no explicit
+# return statement.
+#
+# See the VCL chapters in the Users Guide at https://www.varnish-cache.org/docs/
+# and http://varnish-cache.org/trac/wiki/VCLExamples for more examples.
+
+# Marker to tell the VCL compiler that this VCL has been adapted to the
+# new 4.0 format.
+vcl 4.0;
+
+# Default backend definition. Set this to point to your Apache server.
+backend librenms {
+ .host = "127.0.0.1";
+ .port = "8080";
+}
+
+# In this example our objective is to cache static content with Varnish and temporarily
+# cache dynamic content in the client web browser.
+
+sub vcl_recv {
+ # HTTP requests from client web browser.
+ # Here we remove any cookie HTTP requests for the 'librenms.domain.net' host
+ # containing the matching file extensions. We don't have to match by host if you
+ # only have LibreNMS running on Apache.
+ # If the cookies are not removed from the HTTP request then Varnish will not cache
+ # the files. 'else' function is set to 'pass', or don't cache anything that doesn't
+ # match.
+
+ if (req.http.host ~ "^{{ librenms_config_mydomain }}") {
+ set req.backend_hint = librenms;
+ if (req.url ~ "\.(png|gif|jpg|jpeg|ico|pdf|js|css|svg|eot|otf|woff|woff2|ttf)$") {
+ unset req.http.Cookie;
+ }
+
+ else{
+ return(pass);
+ }
+ }
+}
+
+sub vcl_backend_response {
+ # 'sub vcl_backend_response' is the same function as 'sub vcl_fetch' in Varnish 3, however,
+ # the syntax is slightly different
+ # This function happens after we read the response headers from the backend (Apache).
+ # First function 'if (bereq.url ~ "\' removes cookies from the Apache HTTP responses
+ # that match the file extensions that are between the quotes, and cache the files for 24 hours.
+ # This assumes you update LibreNMS once a day, otherwise restart Varnish to clear cache.
+ # Second function 'if (bereq.url ~ "^/' removes the Pragma no-cache statements and sets the age
+ # of how long the client browser will cache the matching urls.
+ # LibreNMS graphs are updated every 300 seconds, 'max-age=300' is set to match this behavior.
+ # We could cache these URLs in Varnish but it would add to the complexity of the config.
+
+ if (bereq.http.host ~ "^{{ librenms_config_mydomain }}") {
+ if (bereq.url ~ "\.(png|gif|jpg|jpeg|ico|pdf|js|css|svg|eot|otf|woff|woff2|ttf)$") {
+ unset beresp.http.Set-cookie;
+ set beresp.ttl = 24h;
+ }
+
+ if (bereq.url ~ "^/graph.php" || "^/device/" || "^/iftype/" || "^/customers/" || "^/health/" || "^/apps/" || "^/(plugin)$" || "^/(alert)$" || "^/eventlog/" || "^/graphs/" || "^/ports/" ) {
+ unset beresp.http.Pragma;
+ set beresp.http.Cache-Control = "max-age=300";
+ }
+ }
+}
+
+sub vcl_deliver {
+ # Happens when we have all the pieces we need, and are about to send the
+ # response to the client.
+ # You can do accounting or modifying the final object here.
+
+ return (deliver);
+}
+
diff --git a/templates/opt/librenms/config.php.j2 b/templates/opt/librenms/config.php.j2
new file mode 100644
index 0000000..c65b709
--- /dev/null
+++ b/templates/opt/librenms/config.php.j2
@@ -0,0 +1,109 @@
+
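Review bot: In `vcl_backend_response` of templates/etc/varnish/default.vcl.j2, the condition `bereq.url ~ "^/graph.php" || "^/device/" || ...` matches only the first pattern against `bereq.url`; the remaining operands are bare string literals, which appear to evaluate as true, so the `Pragma` removal and `Cache-Control: max-age=300` would apply to every response for this host, authenticated pages included. Combine the alternatives into one regex, e.g. `bereq.url ~ "^/(graph\.php|device/|iftype/|customers/|health/|apps/|plugin$|alert$|eventlog/|graphs/|ports/)"`. The host test `"^{{ librenms_config_mydomain }}"` in both subroutines has no end anchor and leaves the dots unescaped, so it also accepts longer host names that merely begin with the configured domain. The static-file branches drop `Cookie` and `Set-cookie` and cache for 24h purely on the URL suffix, so it is worth confirming that no authenticated route ends in one of those extensions.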