allow to change IP address and port used by Netdata

.travis.yml

@@ -0,0 +1,29 @@
+---
+language: python
+python: "2.7"
+
+# Use the new container infrastructure
+sudo: false
+
+# Install ansible
+addons:
+  apt:
+    packages:
+    - python-pip
+
+install:
+  # Install ansible
+  - pip install ansible
+
+  # Check ansible version
+  - ansible --version
+
+  # Create ansible.cfg with correct roles_path
+  - printf '[defaults]\nroles_path=../' >ansible.cfg
+
+script:
+  # Basic role syntax check
+  - ansible-playbook tests/test.yml -i tests/inventory --syntax-check
+
+notifications:
+  webhooks: https://galaxy.ansible.com/api/v1/notifications/

CHANGELOG.md

@@ -6,3 +6,4 @@
 * Can choose to install recommends packages.
 * Manage Netdata configuration (/etc).
 * Ensure Netdata service is enabled and started.
+* Allow to change IP address and port used.

README.md

@@ -20,6 +20,8 @@ A role to manage Netdata installation and configuration.
 * **netdata__etc_src** : Directory used as source to templating /etc/netdata configuration content [default : `../templates/etc/netdata`].
 * **netdata__service_name** : The service name to manage [default : `netdata`].
 * **netdata__service_manage** : If the Netdata services should be managed [default : `True`].
+* **netdata__conf_bind_ip** : IP address used by Netdata to listen [default : `127.0.0.1`].
+* **netdata__conf_bind_port** : Port used by Netdata to listen [default : `19999`].
 
 ## Example Playbook
 
@@ -57,12 +59,23 @@ mynode.DOMAIN
             └── snmp.conf.md.j2
 ```
 
+* Listen on LAN, be careful, Netdata is not designed to be exposed (see [issue 64][netdata issue 164]) :
+``` yml
+- hosts: mynode.DOMAIN
+  roles:
+    - role: ipr-cnrs.netdata
+      netdata__etc_src: '{{ inventory_dir + "/../resources/host/mynode.DOMAIN/etc/netdata/" }}'
+```
+
+  * You can at least limit the access to the port **19999** to known ip addresses with your firewall [see the documentation about security][netdata wiki security],…
+
 ## Configuration
 
 This role will :
 * Install needed packages to provide `netdata` service.
-* Manage Netdata configuration (/etc/netdata).
+* Manage Netdata configuration directory (/etc/netdata).
 * Ensure Netdata service is enabled and started.
+* Set up some basics configuration (bind ip, port,…).
 
 ## Development
 
@@ -87,3 +100,5 @@ Jérémy Gardais
 [netdata github]: https://github.com/ipr-cnrs/netdata
 [wtfpl website]: http://www.wtfpl.net/about/
 [ipr website]: https://ipr.univ-rennes1.fr/
+[netdata issue 164]: https://github.com/firehol/netdata/issues/164
+[netdata wiki security]: https://github.com/firehol/netdata/wiki/netdata-security#protect-netdata-from-the-internet

defaults/main.yml

@@ -70,5 +70,19 @@ netdata__service_manage: True
 netdata__etc_src: '../templates/etc/netdata'
 
                                                                    # ]]]
+# .. envvar:: netdata__conf_bind_ip [[[.
+#
+# IP address Netdata will listen to.
+#
+netdata__conf_bind_ip: '127.0.0.1'
+
+                                                                   # ]]]
+# .. envvar:: netdata__conf_bind_port [[[.
+#
+# Port Netdata will listen to.
+#
+netdata__conf_bind_port: '19999'
+
+                                                                   # ]]]
 
                                                                    # ]]]

templates/etc/netdata/netdata.conf.j2

@@ -18,4 +18,6 @@
 	web files group = root
 	# Netdata is not designed to be exposed to potentially hostile
 	# networks.See https://github.com/firehol/netdata/issues/164
-	bind socket to IP = 127.0.0.1
+
+[web]
+	bind to = {{ netdata__conf_bind_ip }}:{{ netdata__conf_bind_port }}

tests/inventory

@@ -0,0 +1 @@
+localhost

tests/test.yml

@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - netdata