allow to change IP address and port used by Netdata

This commit is contained in:
Jeremy Gardais 2018-07-27 14:08:43 +02:00
parent 44bfbae4df
commit e01808beb5
Signed by: jegardai
GPG Key ID: E759BAA22501AF32
7 changed files with 69 additions and 2 deletions

29
.travis.yml Normal file
View File

@ -0,0 +1,29 @@
---
language: python
python: "2.7"
# Use the new container infrastructure
sudo: false
# Install ansible
addons:
apt:
packages:
- python-pip
install:
# Install ansible
- pip install ansible
# Check ansible version
- ansible --version
# Create ansible.cfg with correct roles_path
- printf '[defaults]\nroles_path=../' >ansible.cfg
script:
# Basic role syntax check
- ansible-playbook tests/test.yml -i tests/inventory --syntax-check
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/

View File

@ -6,3 +6,4 @@
* Can choose to install recommends packages. * Can choose to install recommends packages.
* Manage Netdata configuration (/etc). * Manage Netdata configuration (/etc).
* Ensure Netdata service is enabled and started. * Ensure Netdata service is enabled and started.
* Allow to change IP address and port used.

View File

@ -20,6 +20,8 @@ A role to manage Netdata installation and configuration.
* **netdata__etc_src**: Directory used as source to templating /etc/netdata configuration content [default: `../templates/etc/netdata`]. * **netdata__etc_src**: Directory used as source to templating /etc/netdata configuration content [default: `../templates/etc/netdata`].
* **netdata__service_name**: The service name to manage [default: `netdata`]. * **netdata__service_name**: The service name to manage [default: `netdata`].
* **netdata__service_manage**: If the Netdata services should be managed [default: `True`]. * **netdata__service_manage**: If the Netdata services should be managed [default: `True`].
* **netdata__conf_bind_ip**: IP address used by Netdata to listen [default: `127.0.0.1`].
* **netdata__conf_bind_port**: Port used by Netdata to listen [default: `19999`].
## Example Playbook ## Example Playbook
@ -57,12 +59,23 @@ mynode.DOMAIN
└── snmp.conf.md.j2 └── snmp.conf.md.j2
``` ```
* Listen on LAN, be careful, Netdata is not designed to be exposed (see [issue 64][netdata issue 164]):
``` yml
- hosts: mynode.DOMAIN
roles:
- role: ipr-cnrs.netdata
netdata__etc_src: '{{ inventory_dir + "/../resources/host/mynode.DOMAIN/etc/netdata/" }}'
```
* You can at least limit the access to the port **19999** to known ip addresses with your firewall [see the documentation about security][netdata wiki security],…
## Configuration ## Configuration
This role will: This role will:
* Install needed packages to provide `netdata` service. * Install needed packages to provide `netdata` service.
* Manage Netdata configuration (/etc/netdata). * Manage Netdata configuration directory (/etc/netdata).
* Ensure Netdata service is enabled and started. * Ensure Netdata service is enabled and started.
* Set up some basics configuration (bind ip, port,…).
## Development ## Development
@ -87,3 +100,5 @@ Jérémy Gardais
[netdata github]: https://github.com/ipr-cnrs/netdata [netdata github]: https://github.com/ipr-cnrs/netdata
[wtfpl website]: http://www.wtfpl.net/about/ [wtfpl website]: http://www.wtfpl.net/about/
[ipr website]: https://ipr.univ-rennes1.fr/ [ipr website]: https://ipr.univ-rennes1.fr/
[netdata issue 164]: https://github.com/firehol/netdata/issues/164
[netdata wiki security]: https://github.com/firehol/netdata/wiki/netdata-security#protect-netdata-from-the-internet

View File

@ -70,5 +70,19 @@ netdata__service_manage: True
netdata__etc_src: '../templates/etc/netdata' netdata__etc_src: '../templates/etc/netdata'
# ]]] # ]]]
# .. envvar:: netdata__conf_bind_ip [[[.
#
# IP address Netdata will listen to.
#
netdata__conf_bind_ip: '127.0.0.1'
# ]]]
# .. envvar:: netdata__conf_bind_port [[[.
#
# Port Netdata will listen to.
#
netdata__conf_bind_port: '19999'
# ]]]
# ]]] # ]]]

View File

@ -18,4 +18,6 @@
web files group = root web files group = root
# Netdata is not designed to be exposed to potentially hostile # Netdata is not designed to be exposed to potentially hostile
# networks.See https://github.com/firehol/netdata/issues/164 # networks.See https://github.com/firehol/netdata/issues/164
bind socket to IP = 127.0.0.1
[web]
bind to = {{ netdata__conf_bind_ip }}:{{ netdata__conf_bind_port }}

1
tests/inventory Normal file
View File

@ -0,0 +1 @@
localhost

5
tests/test.yml Normal file
View File

@ -0,0 +1,5 @@
---
- hosts: localhost
remote_user: root
roles:
- netdata