From 9792e035af468e33ec4dd85be3d68f408a41b768 Mon Sep 17 00:00:00 2001
From: Micah Anderson
Date: Mon, 5 Jan 2015 15:37:19 -0500
Subject: add custom puppet manifests to add munin to the openvpn nodes so we can get data on traffic/vpn usage for reporting purposes
---
 files/puppet/modules/custom/init.pp | 14 +++++
 .../custom_munin_node/files/munin-node.conf | 65 ++++++++++++++++++++++
 .../modules/custom_munin_node/manifests/init.pp | 30 ++++++++++
 .../modules/custom_munin_node/manifests/openvpn.pp | 35 ++++++++++++
 .../custom_shorewall/manifests/munin_node.pp | 23 ++++++++
 5 files changed, 167 insertions(+)
 create mode 100644 files/puppet/modules/custom/init.pp
 create mode 100644 files/puppet/modules/custom_munin_node/files/munin-node.conf
 create mode 100644 files/puppet/modules/custom_munin_node/manifests/init.pp
 create mode 100644 files/puppet/modules/custom_munin_node/manifests/openvpn.pp
 create mode 100644 files/puppet/modules/custom_shorewall/manifests/munin_node.pp
(limited to 'files/puppet')
diff --git a/files/puppet/modules/custom/init.pp b/files/puppet/modules/custom/init.pp
new file mode 100644
index 0000000..74a688b
--- /dev/null
+++ b/files/puppet/modules/custom/init.pp
@@ -0,0 +1,14 @@
+# Customization init class
+class custom {
+ include site_config::setup
+ include site_config::default
+
+ $services = hiera('services', [])
+
+ include custom_munin_node
+ include custom_shorewall::munin_node
+
+ if member ( $services, 'openvpn') {
+ include custom_munin_node::openvpn
+ }
+}
diff --git a/files/puppet/modules/custom_munin_node/files/munin-node.conf b/files/puppet/modules/custom_munin_node/files/munin-node.conf
new file mode 100644
index 0000000..0c4e458
--- /dev/null
+++ b/files/puppet/modules/custom_munin_node/files/munin-node.conf
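Review bot: `include custom_shorewall::munin_node` is unconditional, so every node that applies `custom` gets the tcp/4949 opening from `net` that class declares, not only the nodes a munin master actually polls; consider including it next to the `openvpn` membership check or behind its own hiera key so the listener is only reachable where it is needed. `member()` is not a core Puppet function but comes from puppetlabs-stdlib; a header comment such as `# member() is provided by puppetlabs-stdlib` would save the next reader a lookup. The stray space in `member ( $services, 'openvpn')` should also go.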
@@ -0,0 +1,65 @@
+##########
+########## Managed by puppet
+##########
+
+log_level 4
+log_file /var/log/munin/munin-node.log
+pid_file /var/run/munin/munin-node.pid
+
+background 1
+setsid 1
+
+user root
+group root
+
+# This is the timeout for the whole transaction.
+# Units are in sec. Default is 15 min
+#
+# global_timeout 900
+
+# This is the timeout for each plugin.
+# Units are in sec. Default is 1 min
+#
+# timeout 60
+
+# Regexps for files to ignore
+#ignore_file [\#~]$
+ignore_file DEADJOE$
+ignore_file \.bak$
+ignore_file %$
+ignore_file \.dpkg-(tmp|new|old|dist)$
+ignore_file \.rpm(save|new)$
+ignore_file \.pod$
+
+# Set this if the client doesn't report the correct hostname when
+# telnetting to localhost, port 4949
+#
+#host_name localhost.localdomain
+
+# A list of addresses that are allowed to connect. This must be a
+# regular expression, since Net::Server does not understand CIDR-style
+# network notation unless the perl module Net::CIDR is installed. You
+# may repeat the allow line as many times as you'd like
+allow ^127\.0\.0\.1$
+allow ^198\.252\.153\.95$
+allow ^204\.13\.164\.23$
+allow ^199\.254\.238\.23$
+allow ^::1$
+
+
+# If you have installed the Net::CIDR perl module, you can use one or more
+# cidr_allow and cidr_deny address/mask patterns. A connecting client must
+# match any cidr_allow, and not match any cidr_deny. Note that a netmask
+# *must* be provided, even if it's /32
+#
+# Example:
+#
+# cidr_allow 127.0.0.1/32
+# cidr_allow 192.0.2.0/24
+# cidr_deny 192.0.2.42/32
+
+# Which address to bind to;
+host *
+
+# And which port
+port 4949
\ No newline at end of file
diff --git a/files/puppet/modules/custom_munin_node/manifests/init.pp b/files/puppet/modules/custom_munin_node/manifests/init.pp
new file mode 100644
index 0000000..449b499
--- /dev/null
+++ b/files/puppet/modules/custom_munin_node/manifests/init.pp
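Review bot: With `host *` the daemon listens on every address, so the anchored `allow` lines for the three pollers are the access control for a service configured as `user root`; the shape is right, but if this munin-node build opens an IPv6 socket and an IPv4 poller is presented as an IPv4-mapped address (`::ffff:198.252.153.95`), `^198\.252\.153\.95$` will not match and the poll is refused — worth checking against the installed version and, if it bites, either binding `host` to the node's IPv4 address or adding the mapped forms to the allow list. The file ends without a newline (`\ No newline at end of file`); terminate `port 4949`. A one-line comment above `user root` saying that this is the daemon account and that per-plugin overrides live in `plugin-conf.d` (as the openvpn fragment in this commit does) would help whoever later audits what runs as root.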
@@ -0,0 +1,30 @@
+# Munin configuration for all nodes
+class custom_munin_node {
+ package { 'munin-node':
+ ensure => installed
+ }
+
+ service { 'munin-node':
+ ensure => running,
+ enable => true,
+ hasstatus => true,
+ hasrestart => true,
+ require => Package[munin-node];
+ }
+
+ file {'/etc/munin':
+ ensure => directory,
+ mode => '0755',
+ owner => root,
+ group => 0;
+ }
+
+ file {'/etc/munin/munin-node.conf':
+ source => 'puppet:///modules/custom_munin_node/munin-node.conf',
+ before => Package['munin-node'],
+ notify => Service['munin-node'],
+ mode => '0644',
+ owner => root,
+ group => 0;
+ }
+}
\ No newline at end of file
diff --git a/files/puppet/modules/custom_munin_node/manifests/openvpn.pp b/files/puppet/modules/custom_munin_node/manifests/openvpn.pp
new file mode 100644
index 0000000..84ce219
--- /dev/null
+++ b/files/puppet/modules/custom_munin_node/manifests/openvpn.pp
@@ -0,0 +1,35 @@
+# OpenVPN specific stuff
+class custom_munin_node::openvpn {
+
+ package { 'munin-plugins-core':
+ ensure => installed
+ }
+
+ file {'/etc/munin/plugins':
+ ensure => directory,
+ mode => '0755',
+ owner => root,
+ group => 0;
+ }
+
+ file {'/etc/munin/plugins/openvpn':
+ ensure => 'link',
+ target => '/usr/share/munin/plugins/openvpn',
+ before => Package['munin-plugins-core'],
+ owner => root,
+ group => 0;
+ }
+
+ concat{ '/etc/munin/plugin-conf.d/munin-openvpn':
+ owner => root,
+ group => root,
+ mode => '0644';
+ }
+
+ concat::fragment{ 'openvpn_udp':
+ target => '/etc/munin/plugin-conf.d/munin-openvpn',
+ content => "[openvpn]
+user root
+env.statusfile /var/run/openvpn-status-udp";
+ }
+}
\ No newline at end of file
diff --git a/files/puppet/modules/custom_shorewall/manifests/munin_node.pp b/files/puppet/modules/custom_shorewall/manifests/munin_node.pp
new file mode 100644
index 0000000..ab9799b
--- /dev/null
+++ b/files/puppet/modules/custom_shorewall/manifests/munin_node.pp
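Review bot: `require => Package[munin-node]` in the service resource uses an unquoted title while the file resource a few lines down writes `Package['munin-node']`; quote it the same way, `require => Package['munin-node'],`, since a bareword containing a hyphen is exactly the token later parsers warn about or reject. The `before => Package['munin-node']` on `/etc/munin/munin-node.conf` looks deliberate but is non-obvious — presumably it lands the managed file ahead of the package so the distro default never becomes the live config — and a comment stating that intent, e.g. `# ordered before the package on purpose: our conf, not the distro default, must be what munin-node starts with`, would stop someone from "fixing" it to `require`. The file also lacks a trailing newline.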
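Review bot: Neither the `/etc/munin/plugins/openvpn` symlink nor the `concat` for `plugin-conf.d/munin-openvpn` notifies `Service['munin-node']`, so on a node already running munin-node the new plugin and its `user root` setting are not picked up until something else restarts the daemon; add `notify => Service['munin-node'],` to both resources (the service is declared in `custom_munin_node`, which `custom` includes). The symlink's `before => Package['munin-plugins-core']` also reads backwards — the link target lives in that package, so the link dangles until it is installed — and `require` is probably what is meant unless the ordering was copied from the conffile trick in `custom_munin_node`. The fragment content ends without a newline after `/var/run/openvpn-status-udp`; given the fragment is named `openvpn_udp`, a later sibling fragment would be glued onto that line, so end the string with `\n`.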
@@ -0,0 +1,23 @@
+# Shorewall munin rules
+class custom_shorewall::munin_node {
+
+ include site_shorewall::defaults
+ include site_shorewall::ip_forward
+
+ $node_port = '4949'
+
+ # define macro for incoming services
+ file { '/etc/shorewall/macro.munin_node':
+ content => "PARAM - - tcp ${node_port} ",
+ notify => Service['shorewall'],
+ require => Package['shorewall']
+ }
+
+ shorewall::rule {
+ 'net2fw-munin_node':
+ source => 'net',
+ destination => '$FW',
+ action => 'munin_node(ACCEPT)',
+ order => 200;
+ }
+}
--
cgit v1.2.3
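Review bot: `source => 'net'` in the `net2fw-munin_node` rule accepts tcp/4949 from anywhere, leaving the anchored `allow` regexes in munin-node.conf as the only thing between the internet and a daemon configured as `user root`; since the pollers are already enumerated there, narrow the rule to them, `source => 'net:198.252.153.95,204.13.164.23,199.254.238.23',`, so the firewall and the daemon's allow list agree. `$node_port = '4949'` duplicates the `port 4949` in munin-node.conf with nothing tying the two together; at minimum add `# must match 'port' in custom_munin_node/files/munin-node.conf`, better a shared class parameter. The macro `content` string ends with a space and no newline; shorewall macro files are line-oriented, so terminate it with `\n`.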