--- /dev/null
+signalfx_splunk_agent_configuration
+===================================
+
+This role will help you configure any server node to monitor the services like HTTP and SYSTEMD.
+This will create the necessary configuration files and add the server for monitoring on the dashboard.
+
+Prerequisites
+-------------
+
+Requires an access_token which needs to be generated in your profile.
+
+HTTP - Monitoring
++++++++++++++++++
+
+Create a variable file as follows. Example: http_vars.yml::
+
+ ---
+ access_token: "<Your access token>"
+ basic_attributes:
+ appcode: "<Your preferred appcode>"
+ http_enabled: true
+ http_monitors:
+ - host: example1.domain.com
+ http_timeout: 1s
+ - host: example2.domain.com
+ port: 80
+ use_https: false
+ - host: example3.domain.com
+ port: 8443
+ path: /my/path/index.html
+ skip_verify: true
+
++++++++++++++++++
+
+
+SYSTEMD - Monitoring
+++++++++++++++++++++
+
+Create a variable file as follows. Example: systemd_vars.yml::
+
+ ---
+ access_token: "<Your access token>"
+ basic_attributes:
+ appcode: "<Your preferred appcode>"
+ systemd_enabled: true
+ systemd_services:
+ - ssh
+ - nginx
+ - firewall
+ systemd_sendactivestate: true
+ systemd_extrametrics:
+ - gauge.active_state.active
+
+++++++++++++++++++++
+
+How to run
+----------
+
+You can pass the variables file name as a extra variable `var_file_name`.
+
+If nothing is provided then it will make use of the vars/main.yml parameters and configure the node to default settings.
+
+NOTE: If you wish to configure the node with default setting, please remember to change the values below.
+
+- access_token
+- appcode
+
+The way of passing the variable to the ansible playbook can be achieved by running the following command::
+
+ Example: If your variables file name is http_vars.yml
+ ansible-playbook -i hosts -e "var_file_name=http_vars.yml" signalfx.yml
+
+----------
--- /dev/null
+---
+agent_interval_seconds: 20
+agent_realm: us1
+agent_restorecon_map:
+ RedHat6: /sbin/restorecon
+ RedHat7: /usr/sbin/restorecon
+ RedHat8: /sbin/restorecon
+agent_restorecon_path: "{{ agent_restorecon_map[ ansible_distribution + ansible_distribution_major_version ] }}"
+signalfx_skip_repo: true
+
+http_enabled: false
+http_monitors: []
+
+systemd_enabled: false
+systemd_services: []
+
+signalfx_repo_base_url: https://splunk.jfrog.io/splunk
+signalfx_package_stage: release
+signalfx_version: latest
+signalfx_conf_file_path: /etc/signalfx/agent.yaml
+signalfx_service_user: signalfx-agent
+signalfx_service_group: signalfx-agent
+signalfx_service_state: started
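Review bot: `agent_restorecon_map` only has `RedHat6`, `RedHat7` and `RedHat8` keys, but `agent_restorecon_path` indexes it with `ansible_distribution + ansible_distribution_major_version`, so on any other distribution the lookup is undefined. The distro lists elsewhere in this patch accept CentOS, Amazon and Ubuntu, and the restorecon `command` task that consumes this path has no `when`, so those hosts would fail when the variable is rendered. A fallback such as `"{{ agent_restorecon_map[ansible_distribution + ansible_distribution_major_version] | default('/sbin/restorecon') }}"`, together with gating the SELinux tasks on SELinux being present, would avoid that.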
--- /dev/null
+---
+- name: agent_systemd_reload
+ systemd:
+ daemon_reload: yes
+
+- name: agent_restart
+ service:
+ name: signalfx-agent
+ state: restarted
--- /dev/null
+---
+- name: Configure HTTP monitoring
+ template:
+ src: http.yaml.j2
+ dest: "{{ agent_extra_monitor_path }}/http.yaml"
+ owner: "{{ signalfx_service_user }}"
+ group: "{{ signalfx_service_group }}"
+ mode: 0600
+ notify: agent_restart
+
+- name: Ensure OCSP cache can be created
+ file:
+ state: directory
+ path: '/usr/lib/signalfx-agent/.cache/'
+ owner: 'signalfx-agent'
+ group: 'signalfx-agent'
+ mode: '0700'
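Review bot: The `Ensure OCSP cache can be created` task hard-codes `owner: 'signalfx-agent'` and `group: 'signalfx-agent'`, while the template task above it uses `signalfx_service_user` and `signalfx_service_group`. If those variables are overridden, the cache directory ends up owned by an account the agent does not run as; use `owner: "{{ signalfx_service_user }}"` and `group: "{{ signalfx_service_group }}"` here too. Since the rendered `http.yaml` can carry a monitor `password`, adding `no_log: true` or `diff: false` to the template task keeps it out of `--diff` output. Quoting the mode as `'0600'`, as the second task already does with `'0700'`, would make the two tasks consistent.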
--- /dev/null
+---
+- name: Import signalfx-agent deploy for CentOS or RHEL
+ import_tasks: yum_installation.yml
+ when: ansible_os_family in rhel_distro
+
+- name: Import signalfx-agent deploy for Debian or Ubuntu
+ import_tasks: ubuntu_installation.yml
+ when: ansible_os_family in ubuntu_distro
+
+- name: Set signalfx-agent service owner
+ import_tasks: service_owner.yml
+
+- name: Write signalfx config
+ copy:
+ content: "{{ signalfx_agent_config | to_nice_yaml }}"
+ dest: "{{ signalfx_conf_file_path }}"
+ owner: "{{ signalfx_service_user }}"
+ group: "{{ signalfx_service_group }}"
+ mode: 0600
+
+- name: Start signalfx-agent
+ service:
+ name: signalfx-agent
+ state: "{{ signalfx_service_state }}"
+ enabled: yes
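Review bot: `Write signalfx config` renders the whole of `signalfx_agent_config` with `copy: content:` and sets neither `no_log: true` nor `diff: false`. The validation in `signalfx_main.yml` only requires `signalFxAccessToken` to be non-empty, so a caller of this task file may pass the token inline rather than via `#from`; in that case a run with `--diff` would print it. Adding `no_log: true` here, as the token-file task elsewhere in this patch already does, closes that gap. Quoting the mode as `'0600'` also avoids relying on the YAML parser's octal handling.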
--- /dev/null
+---
+- name: Validate the variable definitions
+ assert:
+ that:
+ - basic_attributes is defined
+ - basic_attributes['appcode'] is defined
+ - access_token is defined
+ quiet: true
+
+- name: Default monitors
+ set_fact:
+ _agent_monitors: "{{ default_monitors }}"
+ when: agent_monitors is not defined
+
+- name: Configure SELinux for SignalFX Smart Agent
+ seboolean:
+ name: nis_enabled
+ state: yes
+ persistent: yes
+ when: ansible_distribution_major_version | int > 6
+
+- name: Create the SignalFX Smart Agent configuration directory
+ file:
+ path: "{{ access_token_path | dirname }}"
+ state: directory
+ mode: 0700
+
+- name: Store SignalFX access token in a separate file
+ copy:
+ dest: "{{ access_token_path }}"
+ content: "{{ access_token }}"
+ mode: 0600
+ no_log: true
+
+- name: Import the SignalFX Smart Agent role
+ import_tasks: signalfx_main.yml
+ vars:
+ signalfx_agent_config:
+ signalFxAccessToken: "{'#from': '{{ access_token_path }}'}"
+ signalFxRealm: "{{ agent_realm }}"
+ intervalSeconds: "{{ agent_interval_seconds }}"
+ globalDimensions: "{{ basic_attributes }}"
+ monitors: "{{ _agent_monitors }}"
+
+- name: Include extra monitors in agent configuration
+ blockinfile:
+ path: "{{ signalfx_conf_file_path }}"
+ insertafter: 'monitors:'
+ block: |
+ - '#from': /etc/signalfx/monitors/*
+ flatten: true
+ optional: true
+
+- name: Create directory for SignalFX extra monitors
+ file:
+ path: "{{ agent_extra_monitor_path }}"
+ state: directory
+ owner: "{{ signalfx_service_user }}"
+ group: "{{ signalfx_service_group }}"
+ mode: 0700
+
+- name: Correct bundled binaries SELinux context types to work around an upstream bug
+ sefcontext:
+ target: "{{ agent_bin_path }}"
+ setype: "{{ agent_bin_setype }}"
+ state: present
+
+- name: Apply the SELinux context type to collectd
+ command: "{{ agent_restorecon_path }} -RvF {{ agent_bin_restore }}"
+
+- name: Fix the SignalFX Smart Agent service startup
+ blockinfile:
+ path: "{{ agent_systemd_config }}"
+ backup: yes
+ insertbefore: BOF
+ block: |
+ [Unit]
+ Description=SignalFX Smart Agent
+ After=network.target nss-lookup.target multi-user.target
+ notify: agent_systemd_reload
+ when: ansible_distribution_major_version | int > 6
+
+- name: Configure HTTP monitoring
+ import_tasks: http.yml
+ when: http_enabled
+
+- name: Configure Systemd services monitoring
+ import_tasks: systemd.yml
+ when: systemd_enabled
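Review bot: `_agent_monitors` is only set when `agent_monitors` is not defined, so a caller who does supply `agent_monitors` reaches `monitors: "{{ _agent_monitors }}"` with the variable undefined. Setting it unconditionally with `_agent_monitors: "{{ agent_monitors | default(default_monitors) }}"` and dropping the `when` covers both cases. Separately, the `seboolean`, `sefcontext` and restorecon tasks are not gated on SELinux being enabled or on the OS family (the `seboolean` task only checks the major version), so they would likely fail on hosts without SELinux. `nis_enabled` is also a broad, persistent boolean that relaxes network restrictions for more than this agent, and deserves a comment explaining why it is required. The extra-monitors block hard-codes `/etc/signalfx/monitors/*` instead of using `agent_extra_monitor_path`.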
--- /dev/null
+---
+- name: Create user/group
+ block:
+ - name: Get groups
+ getent:
+ database: group
+ key: "{{ signalfx_service_group }}"
+ fail_key: no
+ - name: Create group
+ group:
+ name: "{{ signalfx_service_group }}"
+ system: yes
+ when: not getent_group[signalfx_service_group]
+ - name: Get users
+ getent:
+ database: passwd
+ key: "{{ signalfx_service_user }}"
+ fail_key: no
+ - name: Create user
+ user:
+ name: "{{ signalfx_service_user }}"
+ group: "{{ signalfx_service_group }}"
+ createhome: no
+ shell: /sbin/nologin
+ system: yes
+ when: not getent_passwd[signalfx_service_user]
+
+- name: Set user/group for signalfx-agent systemd service
+ block:
+ - name: Stop systemd service
+ service:
+ name: signalfx-agent
+ state: stopped
+ - name: Create tmpfile override
+ lineinfile:
+ path: /etc/tmpfiles.d/signalfx-agent.conf
+ create: yes
+ line: "D /run/signalfx-agent 0755 {{ signalfx_service_user }} {{ signalfx_service_group }} - -"
+ regexp: '^D /run/signalfx-agent .*'
+ insertafter: EOF
+ - name: Initialize tmpfile override
+ command: systemd-tmpfiles --create --remove /etc/tmpfiles.d/signalfx-agent.conf
+ - name: Create systemd override directory
+ file:
+ path: /etc/systemd/system/signalfx-agent.service.d/
+ state: directory
+ - name: Create systemd service owner override file
+ lineinfile:
+ path: /etc/systemd/system/signalfx-agent.service.d/service-owner.conf
+ create: yes
+ line: '[Service]'
+ regexp: '^\[Service\].*'
+ insertafter: EOF
+ - name: Set systemd service owner user
+ lineinfile:
+ path: /etc/systemd/system/signalfx-agent.service.d/service-owner.conf
+ line: "User={{ signalfx_service_user }}"
+ regexp: '^User=.*'
+ insertafter: '^\[Service\].*'
+ - name: Set systemd service owner group
+ lineinfile:
+ path: /etc/systemd/system/signalfx-agent.service.d/service-owner.conf
+ line: "Group={{ signalfx_service_group }}"
+ regexp: '^Group=.*'
+ insertafter: '^User=.*'
+ - name: Reload systemd service
+ systemd:
+ daemon_reload: yes
+ when: ansible_service_mgr == 'systemd'
+
+- name: Set user/group for signalfx-agent initd service
+ block:
+ - name: Stop initd service
+ service:
+ name: signalfx-agent
+ state: stopped
+ - name: Set initd service owner user
+ lineinfile:
+ path: /etc/default/signalfx-agent
+ create: yes
+ line: "user={{ signalfx_service_user }}"
+ regexp: '^user=.*'
+ insertafter: EOF
+ - name: Set initd service owner group
+ lineinfile:
+ path: /etc/default/signalfx-agent
+ line: "group={{ signalfx_service_group }}"
+ regexp: '^group=.*'
+ insertafter: '^user=.*'
+ when: ansible_service_mgr != 'systemd'
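Review bot: The directory and files created here under `/etc/systemd/system/signalfx-agent.service.d/`, `/etc/tmpfiles.d/` and `/etc/default/` carry no explicit `owner`, `group` or `mode`, so their permissions depend on the umask of the run. These files decide which account the agent runs as, so set them explicitly, e.g. `owner: root`, `group: root`, `mode: '0644'` on the `lineinfile` tasks that use `create: yes` and `mode: '0755'` on the directory. `Stop systemd service` and `Stop initd service` also run on every play, which takes the agent down until the later start task even when nothing changed, and the `systemd-tmpfiles` command always reports changed. Registering the `lineinfile` results and stopping only when one of them changed would make the file idempotent.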
--- /dev/null
+---
+- name: Accepted distros
+ set_fact:
+ ubuntu_distro: ['Ubuntu']
+ rhel_distro: ['RedHat', 'Red Hat Enterprise Linux', 'CentOS', 'Amazon']
+ cacheable: true
+
+- name: Confirm if agent configuration is provided!
+ fail: msg='Please provide a populated signalfx_agent_config'
+ when: not (signalfx_agent_config| default(false))
+
+- name: Confirm if SignalFx Access Token is defined!
+ fail: msg='Please specify a signalFxAccessToken in your signalfx_agent_config'
+ when: not (signalfx_agent_config.signalFxAccessToken | default('') | trim) or not signalfx_agent_config.signalFxAccessToken
+
+- name: Acceptable distribution check
+ fail:
+ msg: >
+ Failed! The target is {{ ansible_os_family }} and this role only supports {{ ubuntu_distro }} and {{ rhel_distro }}.
+ when: (ansible_os_family not in ubuntu_distro)
+ and
+ (ansible_os_family not in rhel_distro)
+
+- name: Linux installation
+ include_tasks: linux_installation.yml
+ when: ( ansible_os_family in ubuntu_distro ) or ( ansible_os_family in rhel_distro )
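Review bot: The distro checks compare `ansible_os_family` against lists of distribution names; `ansible_os_family` is `Debian` on Ubuntu, so `ubuntu_distro: ['Ubuntu']` never matches and `Acceptable distribution check` fails the play on Ubuntu hosts. The `Red Hat Enterprise Linux`, `CentOS` and `Amazon` entries in `rhel_distro` are likewise distribution names rather than families. Either compare `ansible_distribution` against these lists or use family names, e.g. `ubuntu_distro: ['Debian']`. The same `ansible_os_family in ubuntu_distro` test appears in the `import_tasks` condition for `ubuntu_installation.yml`. The second clause of the token check, `or not signalfx_agent_config.signalFxAccessToken`, is already covered by the first and can be dropped.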
--- /dev/null
+---
+- name: Configure systemd monitoring
+ template:
+ src: systemd.yaml.j2
+ dest: "{{ agent_extra_monitor_path }}/systemd.yaml"
+ owner: "{{ signalfx_service_user }}"
+ group: "{{ signalfx_service_group }}"
+ mode: 0600
+ notify: agent_restart
--- /dev/null
+---
+- name: Delete old signing key for SignalFx Agent
+ apt_key:
+ id: 91668001288D1C6D2885D651185894C15AE495F6
+ state: absent
+
+- name: Delete old signing key file for SignalFx Agent
+ file:
+ path: /etc/apt/trusted.gpg.d/signalfx.gpg
+ state: absent
+
+- name: Add an Apt signing key for Signalfx Agent
+ get_url:
+ url: "{{ sfx_repo_base_url }}/signalfx-agent-deb/splunk-B3CD4420.gpg"
+ dest: /etc/apt/trusted.gpg.d/splunk.gpg
+ mode: 0644
+
+- name: Add Signalfx Agent repository into sources list
+ apt_repository:
+ repo: "deb {{ sfx_repo_base_url }}/signalfx-agent-deb {{ sfx_package_stage }} main"
+ filename: 'signalfx-agent'
+ mode: 644
+ state: present
+ when: not (sfx_skip_repo | bool)
+
+- name: Install signalfx-agent via apt package manager
+ apt:
+ name: signalfx-agent{% if sfx_version is defined and sfx_version != "latest" %}={{ sfx_version }}{% endif %}
+ state: "{% if sfx_version is defined and sfx_version != 'latest' %}present{% else %}{{ sfx_version }}{% endif %}"
+ force: yes
+ update_cache: yes
+ policy_rc_d: 101
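Review bot: `force: yes` on the `apt` task corresponds to `apt-get --force-yes`, which per the module documentation also permits unauthenticated packages, so signature checking is effectively off for the agent install; drop it, and use `allow_downgrade: yes` if downgrades are the goal. This file also reads `sfx_repo_base_url`, `sfx_package_stage`, `sfx_skip_repo` and `sfx_version`, while the defaults in this patch define `signalfx_*` names, so unless they are set elsewhere the `get_url` task fails on an undefined variable. `mode: 644` in `apt_repository` is a decimal integer rather than octal; write `mode: '0644'`. The signing key is written to `/etc/apt/trusted.gpg.d/`, which trusts it for every configured repository, and it is fetched without a `checksum`.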
--- /dev/null
+---
+- name: Delete old signing key for SignalFx Agent
+ rpm_key:
+ key: 098acf3b
+ state: absent
+
+- name: Add Signalfx Agent repo into source list
+ yum_repository:
+ name: signalfx-agent
+ description: SignalFx Agent Repository
+ baseurl: "{{ signalfx_repo_base_url }}/signalfx-agent-rpm/{{ signalfx_package_stage }}"
+ gpgkey: "{{ signalfx_repo_base_url }}/signalfx-agent-rpm/splunk-B3CD4420.pub"
+ gpgcheck: yes
+ enabled: yes
+ when: not (signalfx_skip_repo | bool)
+
+- name: Install signalfx-agent via yum package manager
+ yum:
+ name: signalfx-agent{% if signalfx_version is defined and signalfx_version != "latest" %}-{{ signalfx_version }}{% endif %}
+ state: "{% if signalfx_version is defined and signalfx_version != 'latest' %}present{% else %}{{ signalfx_version }}{% endif %}"
+ allow_downgrade: yes
+ update_cache: yes
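Review bot: In the `state:` expression the `else` branch renders `{{ signalfx_version }}`, so the `is defined` guard does not help: when the variable is undefined the else branch is the one taken, and the template fails there. Writing the literal keeps the intent, `state: "{{ 'present' if signalfx_version | default('latest') != 'latest' else 'latest' }}"`. With `allow_downgrade: yes` and the default `signalfx_version: latest`, the installed build follows whatever the repository serves at run time; pinning a version in inventory makes rollouts reproducible and reviewable.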
--- /dev/null
+{% for http_monitor in http_monitors %}
+- type: http
+ host: {{ http_monitor.host | default(ansible_fqdn) }}
+ port: {{ http_monitor.port | default(443) }}
+ path: {{ http_monitor.path | default('/')}}
+ httpTimeout: {{ http_monitor.http_timeout | default('5s') }}
+ useHTTPS: {{ http_monitor.use_https | default(true) }}
+ skipVerify: {{ http_monitor.skip_verify | default(false) }}
+ noRedirects: {{ http_monitor.no_redirects | default(false) }}
+ method: {{ http_monitor.method | default('GET') }}
+ desiredCode: {{ http_monitor.desired_code | default(200)}}
+ addRedirectURL: {{ http_monitor.add_redirect_url | default(false) }}
+{% if http_monitor.username is defined %}
+ username: {{ http_monitor.username }}
+{% endif %}
+{% if http_monitor.password is defined %}
+ password: {{ http_monitor.password }}
+{% endif %}
+{% if http_monitor.http_headers is defined %}
+ httpHeaders: {{ http_monitor.http_headers }}
+{% endif %}
+{% if http_monitor.ca_cert_path is defined %}
+ caCertPath: {{ http_monitor.ca_cert_path }}
+{% endif %}
+{% if http_monitor.client_cert_path is defined %}
+ clientCertPath: {{ http_monitor.client_cert_path }}
+{% endif %}
+{% if http_monitor.client_key_path is defined %}
+ clientKeyPath: {{ http_monitor.client_key_path }}
+{% endif %}
+{% if http_monitor.request_body is defined %}
+ requestBody: {{ http_monitor.request_body }}
+{% endif %}
+{% if http_monitor.regex is defined %}
+ regex: {{ http_monitor.regex }}
+{% endif %}
+{% if http_monitor.extra_dimensions is defined %}
+ extraDimensions:
+{{ http_monitor.extra_dimensions | to_nice_yaml | indent(4, True) }}
+{% endif %}
+
+{% endfor %}
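Review bot: Every value is interpolated as a bare YAML scalar, so a `password`, `regex`, `request_body` or `path` that contains `: ` or ` #`, or starts with a character such as `*`, `{` or `!`, either breaks the rendered file or is silently truncated or retyped. Emit strings through a quoting filter, e.g. `password: {{ http_monitor.password | to_json }}`, and render `http_headers` with `to_json` as well rather than printing the Python dict form. `password` also lands in the file in clear text, so the task rendering this template should keep a restrictive mode and avoid logging the diff. The same bare interpolation is used for `- {{ service }}` in `systemd.yaml.j2`.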
--- /dev/null
+- type: collectd/systemd
+ services:
+{% for service in systemd_services %}
+ - {{ service }}
+{% endfor %}
+{% if systemd_sendactivestate is defined %}
+ sendActiveState: {{ systemd_sendactivestate }}
+{% endif %}
+{% if systemd_sendsubstate is defined %}
+ sendSubState: {{ systemd_sendsubstate }}
+{% endif %}
+{% if systemd_sendloadstate is defined %}
+ sendLoadState: {{ systemd_sendloadstate }}
+{% endif %}
+{% if systemd_extrametrics is defined and systemd_extrametrics | length > 0 %}
+ extraMetrics:
+{% for metric in systemd_extrametrics %}
+ - {{ metric }}
+{% endfor %}
+{% endif %}
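Review bot: When `systemd_enabled` is true but `systemd_services` is left at its default `[]`, the first loop emits nothing and the file contains `services:` with a null value instead of a list. Whether the agent accepts that is not visible here. An `assert` that `systemd_services | length > 0` before rendering, or wrapping the whole monitor in `{% if systemd_services %}`, avoids writing a monitor with no services.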
--- /dev/null
+---
+agent_systemd_config: /etc/systemd/system/signalfx-agent.service.d/service-owner.conf
+access_token_path: /etc/signalfx/token
+agent_extra_monitor_path: /etc/signalfx/monitors
+default_monitors:
+ - type: cpu
+ extraMetrics:
+ - cpu.user
+ - cpu.wait
+ - cpu.system
+ - cpu.steal
+ - type: filesystems
+ - type: disk-io
+ - type: net-io
+ - type: load
+ - type: memory
+ - type: vmem
+ - type: host-metadata
+ - type: processlist
+agent_bin_path: '/usr/lib/signalfx-agent/bin(/.*)'
+agent_bin_restore: '/usr/lib/signalfx-agent/bin'
+agent_bin_setype: bin_t
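Review bot: `default_monitors` enables `processlist` on every host by default; as far as I know that monitor reports process command lines to the backend, and command lines regularly carry credentials or tokens. Consider leaving it out of the default set, or adding a comment such as `# processlist reports command lines; enable only where that is acceptable`. If this file is the role's `vars/main.yml`, these values also take precedence over inventory variables, so `access_token_path` and `agent_extra_monitor_path` cannot be overridden the way the defaults can.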
--- /dev/null
+---
+- name: The signalfx-configurarion for systemd monitoring
+ hosts: all
+ gather_facts: yes
+
+ vars_files:
+ - "{{ var_file_name }}"
+
+ roles:
+ - signalfx_splunk_agent_configuration
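Review bot: `vars_files` references `{{ var_file_name }}` unconditionally, so running the playbook without `-e var_file_name=...` fails on an undefined variable, although the README says the role defaults are used in that case. Loading the file from `pre_tasks` with `include_vars: "{{ var_file_name }}"` and `when: var_file_name is defined` matches the documented behaviour. The variables file also holds `access_token` in clear text, so the README example would be safer if it pointed users at an encrypted vars file (ansible-vault) rather than a plain one.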