---
# Baseline troubleshooting toolset for servers, installed in one apt
# transaction.
# NOTE(review): nmap and tcpdump are dual-use tools; confirm that every host
# in this role's scope is meant to carry a scanner and a packet sniffer.
- name: Install monitoring packages (server)
  ansible.builtin.apt:
    state: present
    name:
      # System monitoring
      - htop
      - iotop
      - nethogs
      - iftop
      - ncdu
      - dstat
      # Log monitoring / security
      - logwatch
      - fail2ban
      # Network monitoring
      - nmap
      - tcpdump
      # Performance monitoring
      - sysstat
      - atop
# Read-only probe: asks apt-cache what it knows about a btop package and
# registers the result for later conditions. The task never reports a change
# and never fails, whatever apt-cache returns.
- name: Check if btop is available in apt
  ansible.builtin.command:
    argv:
      - apt-cache
      - policy
      - btop
  register: monitoring_server_btop_apt_check
  when: monitoring_server_install_btop | bool
  changed_when: false
  failed_when: false
# Preferred path: take btop from the distribution archive, but only when the
# apt-cache probe exited 0 and reported a candidate version other than "(none)".
# NOTE(review): failed_when: false also hides a genuine apt failure, so a
# broken install here is reported as success - confirm that is intended.
- name: Install btop from apt if available (Debian 12+)
  when:
    - monitoring_server_install_btop | bool
    - monitoring_server_btop_apt_check.rc == 0
    - "'Candidate:' in monitoring_server_btop_apt_check.stdout"
    - "'(none)' not in monitoring_server_btop_apt_check.stdout"
  ansible.builtin.apt:
    name: btop
    state: present
    update_cache: false
  failed_when: false
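# Fallback path: fetch the upstream release tarball when apt cannot supply
# btop. Every step stays best-effort (failed_when: false), as before.
#
# Changes compared with the previous version of this block:
#   * Staging happens in a private directory from ansible.builtin.tempfile
#     instead of fixed names under world-writable /tmp. With fixed names,
#     get_url's default (force: false) skips the download when the destination
#     already exists, and because failures are ignored the later steps would
#     install whatever was sitting at /tmp/btop.tbz or /tmp/btop/bin/btop.
#   * The condition also fires when the probe output has no "Candidate:" line.
#     NOTE(review): apt-cache policy appears to exit 0 with empty stdout for a
#     package it does not know, which previously matched neither install path;
#     confirm on the target releases.
#   * Cleanup moved to `always:` and the installed binary is explicitly
#     root-owned.
#
# NOTE(review): the URL follows `latest` and the download is not verified
# unless monitoring_server_btop_checksum is set. A checksum is only stable
# once the URL is pinned to a specific release tag; consider pinning both.
# NOTE(review): the asset name is hard-coded to x86_64; confirm no other
# architecture is in scope for this role.
- name: Install btop from binary if apt not available
  when:
    - monitoring_server_install_btop | bool
    - >-
      monitoring_server_btop_apt_check.rc != 0
      or 'Candidate:' not in monitoring_server_btop_apt_check.stdout
      or '(none)' in monitoring_server_btop_apt_check.stdout
  block:
    - name: Create private staging directory for btop
      ansible.builtin.tempfile:
        state: directory
        prefix: btop.
      register: monitoring_server_btop_staging
      failed_when: false

    - name: Download, unpack and install btop
      # Skipped when no staging directory could be created (or in check mode).
      when: monitoring_server_btop_staging.path is defined
      block:
        - name: Download btop binary
          ansible.builtin.get_url:
            url: https://github.com/aristocratos/btop/releases/latest/download/btop-x86_64-linux-musl.tbz
            dest: "{{ monitoring_server_btop_staging.path }}/btop.tbz"
            mode: '0644'
            # Optional integrity check, e.g. "sha256:<hex digest>"; omitted
            # when the variable is not defined.
            checksum: "{{ monitoring_server_btop_checksum | default(omit) }}"
          failed_when: false

        - name: Extract btop
          ansible.builtin.unarchive:
            src: "{{ monitoring_server_btop_staging.path }}/btop.tbz"
            dest: "{{ monitoring_server_btop_staging.path }}"
            remote_src: true
          failed_when: false

        - name: Install btop binary
          ansible.builtin.copy:
            src: "{{ monitoring_server_btop_staging.path }}/btop/bin/btop"
            dest: /usr/local/bin/btop
            owner: root
            group: root
            mode: '0755'
            remote_src: true
          failed_when: false
      always:
        - name: Clean up btop download
          ansible.builtin.file:
            path: "{{ monitoring_server_btop_staging.path }}"
            state: absent
          failed_when: false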
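# Renders the role's jail.local.j2 template to /etc/fail2ban/jail.local and
# notifies the "restart fail2ban" handler when the file changes.
# Ownership is pinned to root so the ban policy cannot end up owned by
# whichever account the play happens to run as.
- name: Configure fail2ban
  ansible.builtin.template:
    src: jail.local.j2
    dest: /etc/fail2ban/jail.local
    owner: root
    group: root
    mode: '0644'
  notify: restart fail2ban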
# Sets ENABLED="true" in /etc/default/sysstat, replacing an existing ENABLED=
# line when one matches, and notifies the "restart sysstat" handler on change.
# Runs only when monitoring_server_enable_sysstat is truthy.
- name: Enable sysstat data collection
  when: monitoring_server_enable_sysstat | bool
  ansible.builtin.lineinfile:
    path: /etc/default/sysstat
    regexp: "^ENABLED="
    line: 'ENABLED="true"'
  notify:
    - restart sysstat
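# Creates /usr/local/bin/monitoring, the directory that holds the helper
# scripts deployed by this role. Ownership is pinned to root so that only root
# can add or replace executables there.
- name: Create monitoring scripts directory
  ansible.builtin.file:
    path: /usr/local/bin/monitoring
    state: directory
    owner: root
    group: root
    mode: '0755'
  when: monitoring_server_create_scripts | bool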
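# Writes the `sysinfo` helper: a read-only overview of host, memory, disk,
# top CPU consumers, listening sockets and (when the CLI is installed)
# Tailscale status. The script text is unchanged; ownership is pinned to root
# because the file is world-executable and may be run by privileged users.
- name: Deploy system monitoring script
  ansible.builtin.copy:
    content: |
      #!/bin/bash
      # System monitoring dashboard
      echo "=== System Overview ==="
      echo "Hostname: $(hostname)"
      echo "Uptime: $(uptime -p)"
      echo "Load: $(uptime | awk -F'load average:' '{print $2}')"
      echo ""
      echo "=== Memory ==="
      free -h
      echo ""
      echo "=== Disk Usage ==="
      df -h / /home 2>/dev/null | grep -v tmpfs
      echo ""
      echo "=== Top Processes ==="
      ps aux --sort=-%cpu | head -6
      echo ""
      echo "=== Network Connections ==="
      ss -tuln | head -10
      echo ""
      if command -v tailscale >/dev/null; then
        echo "=== Tailscale Status ==="
        tailscale status --peers=false 2>/dev/null || echo "Not connected"
      fi
    dest: /usr/local/bin/monitoring/sysinfo
    owner: root
    group: root
    mode: '0755'
  when: monitoring_server_create_scripts | bool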
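# Writes the `netinfo` helper: interface state, routes, resolvers and
# listening sockets.
#
# Changes compared with the previous version:
#   * "Open Ports" filtered `ss -tuln` on LISTEN only. ss reports bound UDP
#     sockets as UNCONN, so every UDP listener was dropped from the report;
#     both states are now kept.
#   * grep reads /etc/resolv.conf directly instead of through cat.
#   * Ownership is pinned to root, since the file is world-executable.
- name: Deploy network monitoring script
  ansible.builtin.copy:
    content: |
      #!/bin/bash
      # Network monitoring script
      echo "=== Network Interface Status ==="
      ip addr show | grep -E "(inet |state )" | grep -v 127.0.0.1
      echo ""
      echo "=== Route Table ==="
      ip route show
      echo ""
      echo "=== DNS Configuration ==="
      grep nameserver /etc/resolv.conf
      echo ""
      echo "=== Open Ports ==="
      # TCP listeners show as LISTEN, bound UDP sockets as UNCONN.
      ss -tuln | grep -E "LISTEN|UNCONN" | sort
    dest: /usr/local/bin/monitoring/netinfo
    owner: root
    group: root
    mode: '0755'
  when: monitoring_server_create_scripts | bool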