From 14019574971b61c869ec7ae6ac5a00866757a829 Mon Sep 17 00:00:00 2001 From: Nemo Date: Sun, 23 Aug 2020 17:55:09 +0200 Subject: [PATCH] OpenBSD adaptation --- inventory_template/group_vars/os_openbsd.yml | 7 ++----- roles/client_iptables/vars/OpenBSD.yml | 3 +++ roles/munin-async/tasks/user.yml | 6 ++++++ roles/munin-async/vars/OpenBSD.yml | 4 ++++ roles/munin-node/defaults/main.yml | 3 +++ roles/munin-node/handlers/main.yml | 2 +- roles/munin-node/tasks/main.yml | 17 ++++++++++++----- roles/munin-node/templates/munin-node.conf.j2 | 4 ++-- roles/munin-node/vars/OpenBSD.yml | 6 ++++++ 9 files changed, 39 insertions(+), 13 deletions(-) create mode 100644 roles/client_iptables/vars/OpenBSD.yml create mode 100644 roles/munin-async/vars/OpenBSD.yml create mode 100644 roles/munin-node/vars/OpenBSD.yml diff --git a/inventory_template/group_vars/os_openbsd.yml b/inventory_template/group_vars/os_openbsd.yml index 2466baa..bfff9ae 100644 --- a/inventory_template/group_vars/os_openbsd.yml +++ b/inventory_template/group_vars/os_openbsd.yml @@ -1,8 +1,8 @@ # Command to run to execute a Gentoo update -#cron_upgrade_job: emerge --sync --quiet && emerge --quiet-build -uvDN @world && /usr/sbin/perl-cleaner --all -q && emerge --quiet-build @preserved-rebuild && emerge --depclean && eselect news read +cron_upgrade_job: emerge --sync --quiet && emerge --quiet-build -uvDN @world && /usr/sbin/perl-cleaner --all -q && emerge --quiet-build @preserved-rebuild && emerge --depclean && eselect news read # Tools to install on Gentoo hosts -#tools_package: +tools_package: - bind-tools - vim - tcpdump @@ -17,6 +17,3 @@ - jq - mailutils -# PF for OpenBSD (not iptables) -configure_iptables: false - diff --git a/roles/client_iptables/vars/OpenBSD.yml b/roles/client_iptables/vars/OpenBSD.yml new file mode 100644 index 0000000..62b5908 --- /dev/null +++ b/roles/client_iptables/vars/OpenBSD.yml @@ -0,0 +1,3 @@ +--- +# PF is used on OpenBSD (not iptables) +configure_iptables: false 
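Review bot: The first hunk of `inventory_template/group_vars/os_openbsd.yml` activates `cron_upgrade_job` with a Gentoo command chain (`emerge`, `perl-cleaner`, `eselect`), and the comment above it still reads "Gentoo update". None of these tools ship with OpenBSD, so a job built from this value would presumably fail on every run and the hosts would stay unpatched without anyone noticing. Either keep the variable commented out or set it to an OpenBSD command, something like `cron_upgrade_job: syspatch && pkg_add -u` (to be tested), and reword both comments to say OpenBSD. The now-active `tools_package` list also looks copied from Gentoo, so names such as `bind-tools` and `mailutils` should be checked against the OpenBSD package names. How the two variables are consumed is outside this diff.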
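Review bot: The new `roles/client_iptables/vars/OpenBSD.yml` only takes effect if the role loads it explicitly, because Ansible auto-loads `vars/main.yml` and nothing else from a role's `vars/` directory. No `include_vars` for this role is visible in the diff, so confirm one exists; otherwise `configure_iptables: false` is lost by moving it out of `group_vars`, and the iptables tasks would run against OpenBSD hosts. A value loaded from role vars also outranks inventory variables, so it can no longer be overridden per host or group. Nothing in this commit manages PF while `munin_node_bind_host` defaults to `"*"`, so the comment should also say where the PF rules for these hosts come from.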
diff --git a/roles/munin-async/tasks/user.yml b/roles/munin-async/tasks/user.yml index ae36e18..9b74e23 100644 --- a/roles/munin-async/tasks/user.yml +++ b/roles/munin-async/tasks/user.yml @@ -1,4 +1,10 @@ --- +- name: "Munin user for remote access created" + user: + name: "{{ munin_async_user }}" + password: "!" + when: ansible_os_family == 'OpenBSD' + - name: Set up authorized key for Munin async user authorized_key: user: "{{ munin_async_user }}" diff --git a/roles/munin-async/vars/OpenBSD.yml b/roles/munin-async/vars/OpenBSD.yml new file mode 100644 index 0000000..ac72b82 --- /dev/null +++ b/roles/munin-async/vars/OpenBSD.yml @@ -0,0 +1,4 @@ +--- +munin_async_service_name: munin_asyncd +munin_async_package: munin-node +munin_async_user: "munin-async" diff --git a/roles/munin-node/defaults/main.yml b/roles/munin-node/defaults/main.yml index c527b22..78aa085 100644 --- a/roles/munin-node/defaults/main.yml +++ b/roles/munin-node/defaults/main.yml @@ -1,6 +1,9 @@ --- munin_node_bind_host: "*" munin_node_bind_port: "4949" +munin_node_user: root +munin_node_group: root +munin_node_service: munin-node munin_node_host_name: '' diff --git a/roles/munin-node/handlers/main.yml b/roles/munin-node/handlers/main.yml index 7e0530b..ab47c4f 100644 --- a/roles/munin-node/handlers/main.yml +++ b/roles/munin-node/handlers/main.yml @@ -1,3 +1,3 @@ --- - name: restart munin-node - service: name=munin-node state=restarted + service: name="{{ munin_node_service }}" state=restarted diff --git a/roles/munin-node/tasks/main.yml b/roles/munin-node/tasks/main.yml index af77cb1..88795ca 100644 --- a/roles/munin-node/tasks/main.yml +++ b/roles/munin-node/tasks/main.yml 
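Review bot: The task added in `roles/munin-async/tasks/user.yml` sets `password: "!"`, which is the Linux convention for a locked password. The Ansible `user` module documentation gives thirteen asterisks as the value for a disabled password on OpenBSD, so `password: "*************"` is the safer choice for a task guarded by `ansible_os_family == 'OpenBSD'`. The account appears to exist only to receive the authorized key installed by the next task, which a comment such as `# key-only account: password login disabled` would make explicit. The task sets no `shell`, `home` or `system` value, so platform defaults apply, and whether they suit munin-async is not visible here. The `authorized_key` task continues past the end of the hunk.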
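Review bot: The handler in `roles/munin-node/handlers/main.yml` keeps the legacy `key=value` argument string and now nests a quoted Jinja expression inside it, which stacks two quoting layers on one line. Native YAML arguments read more clearly: `service:` followed by `name: "{{ munin_node_service }}"` and `state: restarted` on their own lines. The same applies to the "Ensure munin-node is running" task in the last hunk of `roles/munin-node/tasks/main.yml`, where `enabled=yes` would become `enabled: true`.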
@@ -28,12 +28,19 @@ when: ansible_os_family == 'Gentoo' notify: restart munin-node +- name: Ensure munin (node) is installed (OpenBSD). + openbsd_pkg: + name: munin-node + state: latest + when: ansible_os_family == 'OpenBSD' + notify: restart munin-node + - name: Copy munin-node configuration. template: src: munin-node.conf.j2 dest: /etc/munin/munin-node.conf - owner: root - group: root + owner: "{{ munin_node_user }}" + group: "{{ munin_node_group }}" mode: 0644 notify: restart munin-node @@ -41,8 +48,8 @@ template: src: plugin-conf.j2 dest: /etc/munin/plugin-conf.d/ansible.conf - owner: root - group: root + owner: "{{ munin_node_user }}" + group: "{{ munin_node_group }}" mode: 0644 notify: restart munin-node @@ -55,4 +62,4 @@ notify: restart munin-node - name: Ensure munin-node is running. - service: name=munin-node state=started enabled=yes + service: name="{{ munin_node_service }}" state=started enabled=yes diff --git a/roles/munin-node/templates/munin-node.conf.j2 b/roles/munin-node/templates/munin-node.conf.j2 index 7fa03c6..51aba93 100644 --- a/roles/munin-node/templates/munin-node.conf.j2 +++ b/roles/munin-node/templates/munin-node.conf.j2 @@ -9,8 +9,8 @@ pid_file {{ munin_node_pid }} background 1 setsid 1 -user root -group root +user {{ munin_node_user }} +group {{ munin_node_group }} # This is the timeout for the whole transaction. # Units are in sec. Default is 15 min diff --git a/roles/munin-node/vars/OpenBSD.yml b/roles/munin-node/vars/OpenBSD.yml new file mode 100644 index 0000000..6f166b5 --- /dev/null +++ b/roles/munin-node/vars/OpenBSD.yml @@ -0,0 +1,6 @@ +--- +munin_node_log: /var/log/munin/munin-node.log +munin_node_pid: /var/run/munin-node.pid +munin_plugin_src_path: /usr/local/libexec/munin/plugins +munin_node_service: munin_node +munin_node_group: wheel
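Review bot: The new `openbsd_pkg` task in the first hunk of `roles/munin-node/tasks/main.yml` uses `state: latest`, so any playbook run may upgrade munin-node to whatever the package mirror currently serves and then restart it through the handler. `state: present` keeps runs idempotent and leaves upgrades to the regular update job. If following the newest package is intended, a comment such as `# latest on purpose: follow OpenBSD package updates` would record that. The install tasks for the other OS families start above the hunk, so this may simply mirror them.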
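Review bot: `munin_node_user` and `munin_node_group` now control two different things: the `user`/`group` the daemon runs as in `munin-node.conf.j2`, and the `owner`/`group` of `/etc/munin/munin-node.conf` and `/etc/munin/plugin-conf.d/ansible.conf` in the two template tasks of `tasks/main.yml`. With the values in this commit (`root`/`root`, group `wheel` on OpenBSD) behaviour is unchanged, but anyone who later sets `munin_node_user` to an unprivileged account to reduce the daemon's privileges also hands that account ownership of its own configuration files. Separate variables for file ownership would avoid this, for example `owner: "{{ munin_node_conf_owner }}"` and `group: "{{ munin_node_conf_group }}"` (suggested names) defaulting to root. At minimum, `defaults/main.yml` should carry a comment that the two variables serve both purposes.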