
Added InfluxDB, Mosquitto, mqtt-admin to iot role.

Thomas Buck vor 5 Jahren
Ursprung
Commit
8f7addbda5

+ 2
- 1
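--- a/README.md
+++ b/README.md
@@ -32,7 +32,8 @@ What do you get if you point Sovereign at a server? All kinds of good stuff!
 -   Your own VPN server via [OpenVPN](http://openvpn.net/index.php/open-source.html).
 -   An IRC bouncer via [ZNC](http://wiki.znc.in/ZNC).
 -   Git Repo hosting via [gitea](https://gitea.io/en-us/).
--   IoT Dashboard via [Grafana](https://grafana.com).
+-   IoT Dashboard via [Grafana](https://grafana.com) with [InfluxDB](https://www.influxdata.com/time-series-platform/influxdb/) and [Telegraf](https://www.influxdata.com/time-series-platform/telegraf/).
+-   [Mosquitto](https://mosquitto.org) and [mqtt-admin](https://github.com/hobbyquaker/mqtt-admin) on `iot.domain/mqtt`.
 -   [Monit](http://mmonit.com/monit/) to keep everything running smoothly (and alert you when it’s not).
 -   Web hosting (ex: for your blog) via [Apache](https://www.apache.org/).
 -   Statistics for the website using [Fathom](https://github.com/usefathom/fathom).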

+ 7
- 0
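--- a/roles/iot/defaults/main.yml
+++ b/roles/iot/defaults/main.yml
@@ -3,6 +3,9 @@ grafana_domain: "{{ grafana_subdomain }}.{{ domain }}"
 
 grafana_internal_port: '2942'
 
+mqtt_admin_version: '1.0.0'
+mqtt_admin_release: "https://github.com/hobbyquaker/mqtt-admin/releases/download/v{{ mqtt_admin_version }}/mqtt-admin_{{ mqtt_admin_version }}.zip"
+
 secret_root: '{{ inventory_dir | realpath }}'
 secret_name: 'secret'
 secret: '{{ secret_root + "/" + secret_name }}'
@@ -10,6 +13,10 @@ secret: '{{ secret_root + "/" + secret_name }}'
 grafana_main_user: "{{ main_user_name }}"
 grafana_main_user_password: "{{ lookup('password', secret + '/' + 'grafana_main_user_password length=20 chars=hexdigits') }}"
 
+mosquitto_users:
+  - name: "{{ main_user_name }}"
+    password: "{{ lookup('password', secret + '/' + 'mosquitto_main_user_password length=20 chars=hexdigits') }}"
+
 grafana_signing_key: "{{ lookup('password', secret + '/' + 'grafana_signing_key length=20 chars=hexdigits') }}"
 
 grafana_db_username: grafanauser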

+ 9
- 0
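--- a/roles/iot/handlers/main.yml
+++ b/roles/iot/handlers/main.yml
@@ -1,5 +1,14 @@
 - name: restart grafana
   service: name=grafana-server state=restarted
 
+- name: restart influxdb
+  service: name=influxdb state=restarted
+
+- name: restart telegraf
+  service: name=telegraf state=restarted
+
+- name: restart mosquitto
+  service: name=mosquitto state=restarted
+
 - name: restart apache
   service: name=apache2 state=restarted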

+ 64
- 0
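--- a/roles/iot/tasks/influx.yml
+++ b/roles/iot/tasks/influx.yml
@@ -0,0 +1,64 @@
+---
+# Installs InfluxDB and Telegraf as described in:
+# https://docs.influxdata.com/influxdb/v1.7/introduction/installation
+# https://docs.influxdata.com/influxdb/v1.7/administration/config/
+# https://docs.influxdata.com/telegraf/v1.10/introduction/installation/
+# https://docs.influxdata.com/telegraf/v1.10/administration/configuration/
+
+- name: Ensure repository key for InfluxDB is in place
+  apt_key: url=https://repos.influxdata.com/influxdb.key state=present
+  tags:
+    - dependencies
+
+- name: Add InfluxDB repository
+  apt_repository: repo="deb https://repos.influxdata.com/debian {{ ansible_distribution_release }} stable"
+  tags:
+    - dependencies
+
+- name: Install InfluxDB and Telegraf from official repository
+  apt:
+    name: "{{ packages }}"
+    state: present
+    update_cache: yes
+  vars:
+    packages:
+    - influxdb
+    - telegraf
+  tags:
+    - dependencies
+
+- name: Configure InfluxDB
+  template:
+    src=etc_influxdb_influxdb.j2
+    dest=/etc/influxdb/influxdb.conf
+    owner=root
+    group=root
+  notify: restart influxdb
+
+- name: Create InfluxDB data directories
+  file: state=directory path={{ item }} owner=influxdb group=influxdb
+  with_items:
+    - /data/influxdb
+    - /data/influxdb/meta
+    - /data/influxdb/data
+    - /data/influxdb/wal
+
+- name: Configure Telegraf
+  template:
+    src=etc_telegraf_telegraf.j2
+    dest=/etc/telegraf/telegraf.conf
+    owner=root
+    group=root
+  notify: restart telegraf
+
+- name: Register new InfluxDB and Telegraf service
+  systemd: name={{ item }} daemon_reload=yes enabled=yes
+  with_items:
+    - influxdb
+    - telegraf
+
+- name: Start new InfluxDB and Telegraf instance
+  service: name={{ item }} state=started
+  with_items:
+    - influxdb
+    - telegraf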
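Review bot: The `apt_key` task at new line 9 imports whatever key `https://repos.influxdata.com/influxdb.key` serves at run time, with no fingerprint pinned, so a replaced key would be accepted into apt's trusted keys on the host. Pin it with the module's `id` option, e.g. `apt_key: url=https://repos.influxdata.com/influxdb.key id=<INFLUXDATA_KEY_FINGERPRINT> state=present` (placeholder: take the fingerprint from InfluxData's published signing key). The Mosquitto key task in roles/iot/tasks/mosquitto.yml (new line 5) has the same gap. Separately, the two `template` tasks set owner and group but no `mode`; adding `mode=0644` would make the resulting permissions explicit.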

+ 3
- 0
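--- a/roles/iot/tasks/main.yml
+++ b/roles/iot/tasks/main.yml
@@ -1 +1,4 @@
 - include: grafana.yml tags=iot
+- include: influx.yml tags=iot
+- include: mosquitto.yml tags=iot
+- include: mqtt_admin.yml tags=iot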

+ 57
- 0
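--- a/roles/iot/tasks/mosquitto.yml
+++ b/roles/iot/tasks/mosquitto.yml
@@ -0,0 +1,57 @@
+---
+# Installs Mosquitto MQTT Broker
+
+- name: Ensure repository key for Mosquitto is in place
+  apt_key: url=https://repo.mosquitto.org/debian/mosquitto-repo.gpg.key state=present
+  tags:
+    - dependencies
+
+- name: Add Mosquitto repository
+  apt_repository: repo="deb https://repo.mosquitto.org/debian {{ ansible_distribution_release }} main"
+  tags:
+    - dependencies
+
+- name: Install Mosquitto from official repository
+  apt:
+    name: "{{ packages }}"
+    state: present
+    update_cache: yes
+  vars:
+    packages:
+    - mosquitto
+    - mosquitto-clients
+  tags:
+    - dependencies
+
+- name: Configure Mosquitto
+  template:
+    src={{ item.src }}
+    dest={{ item.dest }}
+    owner=root
+    group=root
+  with_items:
+    - { src: 'etc_mosquitto_conf.d_10-users.j2', dest: '/etc/mosquitto/conf.d/10-users.conf' }
+    - { src: 'etc_mosquitto_conf.d_20-default.j2', dest: '/etc/mosquitto/conf.d/20-default.conf' }
+    - { src: 'etc_mosquitto_conf.d_21-tls.j2', dest: '/etc/mosquitto/conf.d/21-tls.conf' }
+    - { src: 'etc_mosquitto_conf.d_22-ws.j2', dest: '/etc/mosquitto/conf.d/22-ws.conf' }
+  notify: restart mosquitto
+
+- name: Ensure mosquitto passwd file exists
+  file: path=/etc/mosquitto/passwd state=touch
+
+- name: Create mosquitto users
+  shell: mosquitto_passwd -b /etc/mosquitto/passwd {{ item.name }} {{ item.password }}
+  with_items: "{{ mosquitto_users }}"
+
+- name: Set firewall rules for Mosquitto
+  ufw: rule=allow port={{ item }} proto=tcp
+  with_items:
+    - 8883  # mqtts (+ ssl)
+    - 8083  # mqtt websocket
+  tags: ufw
+
+- name: Register new Mosquitto service
+  systemd: name=mosquitto daemon_reload=yes enabled=yes
+
+- name: Start new Mosquitto instance
+  service: name=mosquitto state=started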
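Review bot: The `Create mosquitto users` task (new lines 42-44) interpolates `item.name` and `item.password` unquoted into a `shell` command and sets no `no_log`, so a value containing shell metacharacters alters the command and each loop item, password included, is printed in Ansible's task output. Quote both values and hide the output: `shell: mosquitto_passwd -b /etc/mosquitto/passwd {{ item.name | quote }} {{ item.password | quote }}` together with `no_log: true`. The task also reruns on every play and reports changed each time. The preceding `file: path=/etc/mosquitto/passwd state=touch` task creates the password file without `owner` or `mode`; since it holds the broker's password hashes, give it an explicit mode that only root and the broker's service account can read.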

+ 18
- 0
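--- a/roles/iot/tasks/mqtt_admin.yml
+++ b/roles/iot/tasks/mqtt_admin.yml
@@ -0,0 +1,18 @@
+- name: Create temporary mqtt-admin directory
+  file: state=directory path=/root/mqtt-admin
+
+- name: Download mqtt-admin {{ mqtt_admin_version }} release
+  get_url:
+    url="{{ mqtt_admin_release }}"
+    dest=/root/mqtt-admin/mqtt-admin-{{ mqtt_admin_version }}.zip
+
+- name: Decompress mqtt-admin release
+  unarchive: src=/root/mqtt-admin/mqtt-admin-{{ mqtt_admin_version }}.zip
+             dest=/root/mqtt-admin/ copy=no
+             creates=/root/mqtt-admin/mqtt-admin
+
+- name: Create mqtt-admin webserver directory
+  file: state=directory path=/var/www/mqtt-admin
+
+- name: Copy mqtt-admin to webserver directory
+  shell: cp -R /root/mqtt-admin/mqtt-admin/* /var/www/mqtt-admin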
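Review bot: The `get_url` task (new lines 4-7) downloads the release zip and the later tasks unpack it into `/var/www/mqtt-admin` with no integrity check, so whatever the URL returns ends up served from the web root. Pin a digest with the module's `checksum` option, e.g. `checksum="sha256:<SHA256_OF_MQTT_ADMIN_ZIP>"` (placeholder: record the hash of the reviewed release next to `mqtt_admin_version` in the role defaults). Note also that `creates=/root/mqtt-admin/mqtt-admin` on the `unarchive` task does not depend on the version, so after a version bump the new zip is downloaded but the old extracted tree is what gets copied. The final `shell: cp -R ...` step runs and reports changed on every play.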

+ 3
- 0
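--- a/roles/iot/templates/etc_apache2_sites-available_grafana.j2
+++ b/roles/iot/templates/etc_apache2_sites-available_grafana.j2
@@ -16,6 +16,9 @@
     ErrorLog                /var/log/apache2/grafana.info-error_log
     CustomLog               /var/log/apache2/grafana.info-access_log common
 
+    Alias                   /mqtt /var/www/mqtt-admin
+    ProxyPassMatch          ^/mqtt !
+
     ProxyRequests           Off
     ProxyPreserveHost       On
     ProxyPass               / http://localhost:{{ grafana_internal_port }}/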
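Review bot: `ProxyPassMatch ^/mqtt !` on new line 20 is anchored only at the start, so every path that merely begins with `/mqtt` (for example `/mqttx`) is excluded from the Grafana proxy, not just the alias. Tighten the pattern to `ProxyPassMatch ^/mqtt(/|$) !`. The `Alias` on new line 19 publishes `/var/www/mqtt-admin` on the Grafana virtual host and no access rule for it is visible in this hunk; whether a `<Directory>` block restricts it cannot be judged here, because the enclosing virtual host starts and ends outside the hunk.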

+ 5
- 5
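--- a/roles/iot/templates/etc_grafana_grafana.j2
+++ b/roles/iot/templates/etc_grafana_grafana.j2
@@ -198,7 +198,7 @@ cookie_samesite = strict
 #################################### Users ###############################
 [users]
 # disable user signup / registration
-;allow_sign_up = true
+allow_sign_up = false
 
 # Allow non admin users to create organizations
 ;allow_org_create = true
@@ -252,7 +252,7 @@ cookie_samesite = strict
 #################################### Anonymous Auth ######################
 [auth.anonymous]
 # enable anonymous access
-;enabled = false
+enabled = true
 
 # specify organization name that should be used for unauthenticated users
 ;org_name = Main Org.
@@ -345,11 +345,11 @@ enabled = true
 ;password =
 ;cert_file =
 ;key_file =
-;skip_verify = false
-from_address = admin@{{ grafana_domain }}
+skip_verify = true
+from_address = grafana@{{ domain }}
 ;from_name = Grafana
 # EHLO identity in SMTP dialog (defaults to instance_name)
-ehlo_identity = {{ grafana_domain }}
+ehlo_identity = {{ domain }}
 
 [emails]
 welcome_email_on_sign_up = true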
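Review bot: The second hunk switches `[auth.anonymous]` to `enabled = true` (new line 255), which gives unauthenticated visitors access to Grafana; the commit message does not mention it and `org_name` below it stays at its commented default. If public dashboards are not intended, keep `enabled = false`; if they are, say so in a comment above the line, such as `# anonymous access is intentional: dashboards are public`. The third hunk also sets `skip_verify = true` (new line 348) among the SMTP settings, which turns off certificate verification for outgoing mail; prefer leaving verification on and addressing the mail server by a name its certificate covers. All three sections continue outside their hunks.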

+ 577
- 0
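--- a/roles/iot/templates/etc_influxdb_influxdb.j2
+++ b/roles/iot/templates/etc_influxdb_influxdb.j2
@@ -0,0 +1,577 @@
+### Welcome to the InfluxDB configuration file.
+
+# The values in this file override the default values used by the system if
+# a config option is not specified. The commented out lines are the configuration
+# field and the default value used. Uncommenting a line and changing the value
+# will change the value used at runtime when the process is restarted.
+
+# Once every 24 hours InfluxDB will report usage data to usage.influxdata.com
+# The data includes a random ID, os, arch, version, the number of series and other
+# usage data. No data from user databases is ever transmitted.
+# Change this option to true to disable reporting.
+reporting-disabled = true
+
+# Bind address to use for the RPC service for backup and restore.
+# bind-address = "127.0.0.1:8088"
+
+###
+### [meta]
+###
+### Controls the parameters for the Raft consensus group that stores metadata
+### about the InfluxDB cluster.
+###
+
+[meta]
+  # Where the metadata/raft database is stored
+  dir = "/data/influxdb/meta"
+
+  # Automatically create a default retention policy when creating a database.
+  # retention-autocreate = true
+
+  # If log messages are printed for the meta service
+  # logging-enabled = true
+
+###
+### [data]
+###
+### Controls where the actual shard data for InfluxDB lives and how it is
+### flushed from the WAL. "dir" may need to be changed to a suitable place
+### for your system, but the WAL settings are an advanced configuration. The
+### defaults should work for most systems.
+###
+
+[data]
+  # The directory where the TSM storage engine stores TSM files.
+  dir = "/data/influxdb/data"
+
+  # The directory where the TSM storage engine stores WAL files.
+  wal-dir = "/data/influxdb/wal"
+
+  # The amount of time that a write will wait before fsyncing.  A duration
+  # greater than 0 can be used to batch up multiple fsync calls.  This is useful for slower
+  # disks or when WAL write contention is seen.  A value of 0s fsyncs every write to the WAL.
+  # Values in the range of 0-100ms are recommended for non-SSD disks.
+  # wal-fsync-delay = "0s"
+
+
+  # The type of shard index to use for new shards.  The default is an in-memory index that is
+  # recreated at startup.  A value of "tsi1" will use a disk based index that supports higher
+  # cardinality datasets.
+  # index-version = "inmem"
+
+  # Trace logging provides more verbose output around the tsm engine. Turning
+  # this on can provide more useful output for debugging tsm engine issues.
+  # trace-logging-enabled = false
+
+  # Whether queries should be logged before execution. Very useful for troubleshooting, but will
+  # log any sensitive data contained within a query.
+  # query-log-enabled = true
+
+  # Validates incoming writes to ensure keys only have valid unicode characters.
+  # This setting will incur a small overhead because every key must be checked.
+  # validate-keys = false
+
+  # Settings for the TSM engine
+
+  # CacheMaxMemorySize is the maximum size a shard's cache can
+  # reach before it starts rejecting writes.
+  # Valid size suffixes are k, m, or g (case insensitive, 1024 = 1k).
+  # Values without a size suffix are in bytes.
+  # cache-max-memory-size = "1g"
+
+  # CacheSnapshotMemorySize is the size at which the engine will
+  # snapshot the cache and write it to a TSM file, freeing up memory
+  # Valid size suffixes are k, m, or g (case insensitive, 1024 = 1k).
+  # Values without a size suffix are in bytes.
+  # cache-snapshot-memory-size = "25m"
+
+  # CacheSnapshotWriteColdDuration is the length of time at
+  # which the engine will snapshot the cache and write it to
+  # a new TSM file if the shard hasn't received writes or deletes
+  # cache-snapshot-write-cold-duration = "10m"
+
+  # CompactFullWriteColdDuration is the duration at which the engine
+  # will compact all TSM files in a shard if it hasn't received a
+  # write or delete
+  # compact-full-write-cold-duration = "4h"
+
+  # The maximum number of concurrent full and level compactions that can run at one time.  A
+  # value of 0 results in 50% of runtime.GOMAXPROCS(0) used at runtime.  Any number greater
+  # than 0 limits compactions to that value.  This setting does not apply
+  # to cache snapshotting.
+  # max-concurrent-compactions = 0
+
+  # CompactThroughput is the rate limit in bytes per second that we
+  # will allow TSM compactions to write to disk. Note that short bursts are allowed
+  # to happen at a possibly larger value, set by CompactThroughputBurst
+  # compact-throughput = "48m"
+
+  # CompactThroughputBurst is the rate limit in bytes per second that we
+  # will allow TSM compactions to write to disk.
+  # compact-throughput-burst = "48m"
+
+  # If true, then the mmap advise value MADV_WILLNEED will be provided to the kernel with respect to
+  # TSM files. This setting has been found to be problematic on some kernels, and defaults to off.
+  # It might help users who have slow disks in some cases.
+  # tsm-use-madv-willneed = false
+
+  # Settings for the inmem index
+
+  # The maximum series allowed per database before writes are dropped.  This limit can prevent
+  # high cardinality issues at the database level.  This limit can be disabled by setting it to
+  # 0.
+  # max-series-per-database = 1000000
+
+  # The maximum number of tag values per tag that are allowed before writes are dropped.  This limit
+  # can prevent high cardinality tag values from being written to a measurement.  This limit can be
+  # disabled by setting it to 0.
+  # max-values-per-tag = 100000
+
+  # Settings for the tsi1 index
+
+  # The threshold, in bytes, when an index write-ahead log file will compact
+  # into an index file. Lower sizes will cause log files to be compacted more
+  # quickly and result in lower heap usage at the expense of write throughput.
+  # Higher sizes will be compacted less frequently, store more series in-memory,
+  # and provide higher write throughput.
+  # Valid size suffixes are k, m, or g (case insensitive, 1024 = 1k).
+  # Values without a size suffix are in bytes.
+  # max-index-log-file-size = "1m"
+
+  # The size of the internal cache used in the TSI index to store previously 
+  # calculated series results. Cached results will be returned quickly from the cache rather
+  # than needing to be recalculated when a subsequent query with a matching tag key/value 
+  # predicate is executed. Setting this value to 0 will disable the cache, which may
+  # lead to query performance issues.
+  # This value should only be increased if it is known that the set of regularly used 
+  # tag key/value predicates across all measurements for a database is larger than 100. An
+  # increase in cache size may lead to an increase in heap usage.
+  series-id-set-cache-size = 100
+
+###
+### [coordinator]
+###
+### Controls the clustering service configuration.
+###
+
+[coordinator]
+  # The default time a write request will wait until a "timeout" error is returned to the caller.
+  # write-timeout = "10s"
+
+  # The maximum number of concurrent queries allowed to be executing at one time.  If a query is
+  # executed and exceeds this limit, an error is returned to the caller.  This limit can be disabled
+  # by setting it to 0.
+  # max-concurrent-queries = 0
+
+  # The maximum time a query will is allowed to execute before being killed by the system.  This limit
+  # can help prevent run away queries.  Setting the value to 0 disables the limit.
+  # query-timeout = "0s"
+
+  # The time threshold when a query will be logged as a slow query.  This limit can be set to help
+  # discover slow or resource intensive queries.  Setting the value to 0 disables the slow query logging.
+  # log-queries-after = "0s"
+
+  # The maximum number of points a SELECT can process.  A value of 0 will make
+  # the maximum point count unlimited.  This will only be checked every second so queries will not
+  # be aborted immediately when hitting the limit.
+  # max-select-point = 0
+
+  # The maximum number of series a SELECT can run.  A value of 0 will make the maximum series
+  # count unlimited.
+  # max-select-series = 0
+
+  # The maxium number of group by time bucket a SELECT can create.  A value of zero will max the maximum
+  # number of buckets unlimited.
+  # max-select-buckets = 0
+
+###
+### [retention]
+###
+### Controls the enforcement of retention policies for evicting old data.
+###
+
+[retention]
+  # Determines whether retention policy enforcement enabled.
+  # enabled = true
+
+  # The interval of time when retention policy enforcement checks run.
+  # check-interval = "30m"
+
+###
+### [shard-precreation]
+###
+### Controls the precreation of shards, so they are available before data arrives.
+### Only shards that, after creation, will have both a start- and end-time in the
+### future, will ever be created. Shards are never precreated that would be wholly
+### or partially in the past.
+
+[shard-precreation]
+  # Determines whether shard pre-creation service is enabled.
+  # enabled = true
+
+  # The interval of time when the check to pre-create new shards runs.
+  # check-interval = "10m"
+
+  # The default period ahead of the endtime of a shard group that its successor
+  # group is created.
+  # advance-period = "30m"
+
+###
+### Controls the system self-monitoring, statistics and diagnostics.
+###
+### The internal database for monitoring data is created automatically if
+### if it does not already exist. The target retention within this database
+### is called 'monitor' and is also created with a retention period of 7 days
+### and a replication factor of 1, if it does not exist. In all cases the
+### this retention policy is configured as the default for the database.
+
+[monitor]
+  # Whether to record statistics internally.
+  # store-enabled = true
+
+  # The destination database for recorded statistics
+  # store-database = "_internal"
+
+  # The interval at which to record statistics
+  # store-interval = "10s"
+
+###
+### [http]
+###
+### Controls how the HTTP endpoints are configured. These are the primary
+### mechanism for getting data into and out of InfluxDB.
+###
+
+[http]
+  # Determines whether HTTP endpoint is enabled.
+  # enabled = true
+
+  # Determines whether the Flux query endpoint is enabled.
+  # flux-enabled = false
+
+  # Determines whether the Flux query logging is enabled.
+  # flux-log-enabled = false
+
+  # The bind address used by the HTTP service.
+  # bind-address = ":8086"
+
+  # Determines whether user authentication is enabled over HTTP/HTTPS.
+  # auth-enabled = false
+
+  # The default realm sent back when issuing a basic auth challenge.
+  # realm = "InfluxDB"
+
+  # Determines whether HTTP request logging is enabled.
+  # log-enabled = true
+
+  # Determines whether the HTTP write request logs should be suppressed when the log is enabled.
+  # suppress-write-log = false
+
+  # When HTTP request logging is enabled, this option specifies the path where
+  # log entries should be written. If unspecified, the default is to write to stderr, which
+  # intermingles HTTP logs with internal InfluxDB logging.
+  #
+  # If influxd is unable to access the specified path, it will log an error and fall back to writing
+  # the request log to stderr.
+  # access-log-path = ""
+
+  # Filters which requests should be logged. Each filter is of the pattern NNN, NNX, or NXX where N is
+  # a number and X is a wildcard for any number. To filter all 5xx responses, use the string 5xx.
+  # If multiple filters are used, then only one has to match. The default is to have no filters which
+  # will cause every request to be printed.
+  # access-log-status-filters = []
+
+  # Determines whether detailed write logging is enabled.
+  # write-tracing = false
+
+  # Determines whether the pprof endpoint is enabled.  This endpoint is used for
+  # troubleshooting and monitoring.
+  # pprof-enabled = true
+
+  # Enables a pprof endpoint that binds to localhost:6060 immediately on startup.
+  # This is only needed to debug startup issues.
+  # debug-pprof-enabled = false
+
+  # Determines whether HTTPS is enabled.
+  # https-enabled = false
+
+  # The SSL certificate to use when HTTPS is enabled.
+  # https-certificate = "/etc/ssl/influxdb.pem"
+
+  # Use a separate private key location.
+  # https-private-key = ""
+
+  # The JWT auth shared secret to validate requests using JSON web tokens.
+  # shared-secret = ""
+
+  # The default chunk size for result sets that should be chunked.
+  # max-row-limit = 0
+
+  # The maximum number of HTTP connections that may be open at once.  New connections that
+  # would exceed this limit are dropped.  Setting this value to 0 disables the limit.
+  # max-connection-limit = 0
+
+  # Enable http service over unix domain socket
+  # unix-socket-enabled = false
+
+  # The path of the unix domain socket.
+  # bind-socket = "/var/run/influxdb.sock"
+
+  # The maximum size of a client request body, in bytes. Setting this value to 0 disables the limit.
+  # max-body-size = 25000000
+
+  # The maximum number of writes processed concurrently.
+  # Setting this to 0 disables the limit.
+  # max-concurrent-write-limit = 0
+
+  # The maximum number of writes queued for processing.
+  # Setting this to 0 disables the limit.
+  # max-enqueued-write-limit = 0
+
+  # The maximum duration for a write to wait in the queue to be processed.
+  # Setting this to 0 or setting max-concurrent-write-limit to 0 disables the limit.
+  # enqueued-write-timeout = 0
+
+###
+### [logging]
+###
+### Controls how the logger emits logs to the output.
+###
+
+[logging]
+  # Determines which log encoder to use for logs. Available options
+  # are auto, logfmt, and json. auto will use a more a more user-friendly
+  # output format if the output terminal is a TTY, but the format is not as
+  # easily machine-readable. When the output is a non-TTY, auto will use
+  # logfmt.
+  # format = "auto"
+
+  # Determines which level of logs will be emitted. The available levels
+  # are error, warn, info, and debug. Logs that are equal to or above the
+  # specified level will be emitted.
+  # level = "info"
+
+  # Suppresses the logo output that is printed when the program is started.
+  # The logo is always suppressed if STDOUT is not a TTY.
+  # suppress-logo = false
+
+###
+### [subscriber]
+###
+### Controls the subscriptions, which can be used to fork a copy of all data
+### received by the InfluxDB host.
+###
+
+[subscriber]
+  # Determines whether the subscriber service is enabled.
+  # enabled = true
+
+  # The default timeout for HTTP writes to subscribers.
+  # http-timeout = "30s"
+
+  # Allows insecure HTTPS connections to subscribers.  This is useful when testing with self-
+  # signed certificates.
+  # insecure-skip-verify = false
+
+  # The path to the PEM encoded CA certs file. If the empty string, the default system certs will be used
+  # ca-certs = ""
+
+  # The number of writer goroutines processing the write channel.
+  # write-concurrency = 40
+
+  # The number of in-flight writes buffered in the write channel.
+  # write-buffer-size = 1000
+
+
+###
+### [[graphite]]
+###
+### Controls one or many listeners for Graphite data.
+###
+
+[[graphite]]
+  # Determines whether the graphite endpoint is enabled.
+  # enabled = false
+  # database = "graphite"
+  # retention-policy = ""
+  # bind-address = ":2003"
+  # protocol = "tcp"
+  # consistency-level = "one"
+
+  # These next lines control how batching works. You should have this enabled
+  # otherwise you could get dropped metrics or poor performance. Batching
+  # will buffer points in memory if you have many coming in.
+
+  # Flush if this many points get buffered
+  # batch-size = 5000
+
+  # number of batches that may be pending in memory
+  # batch-pending = 10
+
+  # Flush at least this often even if we haven't hit buffer limit
+  # batch-timeout = "1s"
+
+  # UDP Read buffer size, 0 means OS default. UDP listener will fail if set above OS max.
+  # udp-read-buffer = 0
+
+  ### This string joins multiple matching 'measurement' values providing more control over the final measurement name.
+  # separator = "."
+
+  ### Default tags that will be added to all metrics.  These can be overridden at the template level
+  ### or by tags extracted from metric
+  # tags = ["region=us-east", "zone=1c"]
+
+  ### Each template line requires a template pattern.  It can have an optional
+  ### filter before the template and separated by spaces.  It can also have optional extra
+  ### tags following the template.  Multiple tags should be separated by commas and no spaces
+  ### similar to the line protocol format.  There can be only one default template.
+  # templates = [
+  #   "*.app env.service.resource.measurement",
+  #   # Default template
+  #   "server.*",
+  # ]
+
+###
+### [collectd]
+###
+### Controls one or many listeners for collectd data.
+###
+
+[[collectd]]
+  # enabled = false
+  # bind-address = ":25826"
+  # database = "collectd"
+  # retention-policy = ""
+  #
+  # The collectd service supports either scanning a directory for multiple types
+  # db files, or specifying a single db file.
+  # typesdb = "/usr/local/share/collectd"
+  #
+  # security-level = "none"
+  # auth-file = "/etc/collectd/auth_file"
+
+  # These next lines control how batching works. You should have this enabled
+  # otherwise you could get dropped metrics or poor performance. Batching
+  # will buffer points in memory if you have many coming in.
+
+  # Flush if this many points get buffered
+  # batch-size = 5000
+
+  # Number of batches that may be pending in memory
+  # batch-pending = 10
+
+  # Flush at least this often even if we haven't hit buffer limit
+  # batch-timeout = "10s"
+
+  # UDP Read buffer size, 0 means OS default. UDP listener will fail if set above OS max.
+  # read-buffer = 0
+
+  # Multi-value plugins can be handled two ways.
+  # "split" will parse and store the multi-value plugin data into separate measurements
+  # "join" will parse and store the multi-value plugin as a single multi-value measurement.
+  # "split" is the default behavior for backward compatability with previous versions of influxdb.
+  # parse-multivalue-plugin = "split"
+###
+### [opentsdb]
+###
+### Controls one or many listeners for OpenTSDB data.
+###
+
+[[opentsdb]]
+  # enabled = false
+  # bind-address = ":4242"
+  # database = "opentsdb"
+  # retention-policy = ""
+  # consistency-level = "one"
+  # tls-enabled = false
+  # certificate= "/etc/ssl/influxdb.pem"
+
+  # Log an error for every malformed point.
+  # log-point-errors = true
+
+  # These next lines control how batching works. You should have this enabled
+  # otherwise you could get dropped metrics or poor performance. Only points
+  # metrics received over the telnet protocol undergo batching.
+
+  # Flush if this many points get buffered
+  # batch-size = 1000
+
+  # Number of batches that may be pending in memory
+  # batch-pending = 5
+
+  # Flush at least this often even if we haven't hit buffer limit
+  # batch-timeout = "1s"
+
+###
+### [[udp]]
+###
+### Controls the listeners for InfluxDB line protocol data via UDP.
+###
+
+[[udp]]
+  # enabled = false
+  # bind-address = ":8089"
+  # database = "udp"
+  # retention-policy = ""
+
+  # InfluxDB precision for timestamps on received points ("" or "n", "u", "ms", "s", "m", "h")
+  # precision = ""
+
+  # These next lines control how batching works. You should have this enabled
+  # otherwise you could get dropped metrics or poor performance. Batching
+  # will buffer points in memory if you have many coming in.
+
+  # Flush if this many points get buffered
+  # batch-size = 5000
+
+  # Number of batches that may be pending in memory
+  # batch-pending = 10
+
+  # Will flush at least this often even if we haven't hit buffer limit
+  # batch-timeout = "1s"
+
+  # UDP Read buffer size, 0 means OS default. UDP listener will fail if set above OS max.
+  # read-buffer = 0
+
+###
+### [continuous_queries]
+###
+### Controls how continuous queries are run within InfluxDB.
+###
+
+[continuous_queries]
+  # Determines whether the continuous query service is enabled.
+  # enabled = true
+
+  # Controls whether queries are logged when executed by the CQ service.
+  # log-enabled = true
+
+  # Controls whether queries are logged to the self-monitoring data store.
+  # query-stats-enabled = false
+
+  # interval for how often continuous queries will be checked if they need to run
+  # run-interval = "1s"
+
+###
+### [tls]
+###
+### Global configuration settings for TLS in InfluxDB.
+###
+
+[tls]
+  # Determines the available set of cipher suites. See https://golang.org/pkg/crypto/tls/#pkg-constants
+  # for a list of available ciphers, which depends on the version of Go (use the query
+  # SHOW DIAGNOSTICS to see the version of Go used to build InfluxDB). If not specified, uses
+  # the default settings from Go's crypto/tls package.
+  # ciphers = [
+  #   "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
+  #   "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+  # ]
+
+  # Minimum version of the tls protocol that will be negotiated. If not specified, uses the
+  # default settings from Go's crypto/tls package.
+  # min-version = "tls1.2"
+
+  # Maximum version of the tls protocol that will be negotiated. If not specified, uses the
+  # default settings from Go's crypto/tls package.
+  # max-version = "tls1.2"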
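Review bot: In `[http]` the template leaves `bind-address` and `auth-enabled` commented out (new lines 256 and 259), so by the file's own stated defaults the HTTP API listens on `:8086` on every interface with authentication disabled. Unless the host firewall is known to block that port, set `bind-address = "127.0.0.1:8086"` so the database is reachable only locally, and consider `auth-enabled = true`, which additionally requires creating an admin user and giving Telegraf and Grafana credentials. The RPC `bind-address` near the top is already shown defaulting to `127.0.0.1:8088`, so only the HTTP listener needs the change. Most other lines are upstream defaults; a short comment at the top naming the values this role sets (`reporting-disabled`, the three `/data/influxdb` paths, `series-id-set-cache-size`) would make later upgrades easier to review.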

+ 2
- 0
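--- a/roles/iot/templates/etc_mosquitto_conf.d_10-users.j2
+++ b/roles/iot/templates/etc_mosquitto_conf.d_10-users.j2
@@ -0,0 +1,2 @@
+allow_anonymous false
+password_file /etc/mosquitto/passwd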

+ 1
- 0
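--- a/roles/iot/templates/etc_mosquitto_conf.d_20-default.j2
+++ b/roles/iot/templates/etc_mosquitto_conf.d_20-default.j2
@@ -0,0 +1 @@
+listener 1883 localhost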

+ 4
- 0
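--- a/roles/iot/templates/etc_mosquitto_conf.d_21-tls.j2
+++ b/roles/iot/templates/etc_mosquitto_conf.d_21-tls.j2
@@ -0,0 +1,4 @@
+listener 8883
+certfile /etc/letsencrypt/live/{{ domain }}/cert.pem
+cafile /etc/letsencrypt/live/{{ domain }}/chain.pem
+keyfile /etc/letsencrypt/live/{{ domain }}/privkey.pem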
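Review bot: The TLS listener on 8883 leaves the protocol version to the Mosquitto/OpenSSL defaults, and older broker releases still accept TLS 1.0/1.1 when nothing is set; adding `tls_version tlsv1.2` after `listener 8883` makes the floor explicit (check the packaged version's man page, since older releases treat the value as the only allowed version and newer ones as the minimum). The same applies to the websockets listener on 8083 in `etc_mosquitto_conf.d_22-ws.j2`. Both listeners read `privkey.pem` directly from `/etc/letsencrypt/live/{{ domain }}/`, so it is worth confirming that the broker can read the key as the user it runs as and that it is restarted when the certificate renews; no renewal hook is visible in this part of the commit.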

+ 5
- 0
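--- a/roles/iot/templates/etc_mosquitto_conf.d_22-ws.j2
+++ b/roles/iot/templates/etc_mosquitto_conf.d_22-ws.j2
@@ -0,0 +1,5 @@
+listener 8083
+protocol websockets
+certfile /etc/letsencrypt/live/{{ domain }}/cert.pem
+cafile /etc/letsencrypt/live/{{ domain }}/chain.pem
+keyfile /etc/letsencrypt/live/{{ domain }}/privkey.pem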

+ 5245
- 0
roles/iot/templates/etc_telegraf_telegraf.j2
Datei-Diff unterdrückt, da er zu groß ist


+ 8
- 0
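--- a/roles/monitoring/files/etc_monit_conf.d_influxdb
+++ b/roles/monitoring/files/etc_monit_conf.d_influxdb
@@ -0,0 +1,8 @@
+check process influxdb matching "influxd"
+  group iot
+  start program = "/bin/systemctl start influxdb"
+  stop program = "/bin/systemctl stop influxdb"
+  if failed port 8086 type tcp
+    with timeout 10 seconds
+    then restart
+  if 5 restarts within 5 cycles then timeout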
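Review bot: `matching "influxd"` on the first line is a regular expression applied to the process command line, so Monit may attach this check to any process whose arguments contain that substring (for example something started with a path under `/etc/influxdb/`), not only the daemon. The same loose pattern is used in `etc_monit_conf.d_mosquitto` (`matching mosquitto`, which also fits the `mosquitto_sub` and `mosquitto_pub` clients) and in `etc_monit_conf.d_telegraf`. Anchoring the pattern to the daemon's executable as installed by the package, e.g. `check process influxdb matching "<path-to-influxd-binary>"`, or using a pidfile where the unit writes one, keeps the restart action tied to the intended process. `monit procmatch` shows what a pattern currently selects on the host.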

+ 8
- 0
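--- a/roles/monitoring/files/etc_monit_conf.d_mosquitto
+++ b/roles/monitoring/files/etc_monit_conf.d_mosquitto
@@ -0,0 +1,8 @@
+check process mosquitto matching mosquitto
+  group iot
+  start program = "/bin/systemctl start mosquitto"
+  stop program = "/bin/systemctl stop mosquitto"
+  if failed host localhost port 1883 type tcp then restart
+  if failed host localhost port 8883 type tcp then restart
+  if failed host localhost port 8083 type tcp then restart
+  if 5 restarts within 5 cycles then timeout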
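Review bot: The checks for ports 8883 and 8083 use `type tcp`, which only proves that the port accepts a connection; both listeners are configured with TLS in `21-tls.j2` and `22-ws.j2`, so a broker that is running with an expired or unloadable certificate would still pass. A TLS-aware test such as `if failed host localhost port 8883 type tcpssl then restart` (and the same for 8083) exercises the handshake, depending on what the installed Monit version supports. Newer Monit releases also offer a `certificate valid > N days` condition, which is better wired to an alert than to a restart, since restarting does not fix an expired certificate.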

+ 4
- 0
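--- a/roles/monitoring/files/etc_monit_conf.d_telegraf
+++ b/roles/monitoring/files/etc_monit_conf.d_telegraf
@@ -0,0 +1,4 @@
+check process telegraf matching "telegraf"
+  group iot
+  start program = "/bin/systemctl start telegraf"
+  stop program = "/bin/systemctl stop telegraf"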

+ 27
- 0
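--- a/roles/monitoring/tasks/monit.yml
+++ b/roles/monitoring/tasks/monit.yml
@@ -56,6 +56,18 @@
   stat: path=/etc/grafana/grafana.ini
   register: grafana_config_file
 
+- name: Determine if InfluxDB is installed
+  stat: path=/etc/influxdb/influxdb.conf
+  register: influxdb_config_file
+
+- name: Determine if Telegraf is installed
+  stat: path=/etc/telegraf/telegraf.conf
+  register: telegraf_config_file
+
+- name: Determine if Mosquitto is installed
+  stat: path=/etc/mosquitto/mosquitto.conf
+  register: mosquitto_config_file
+
 - name: Copy ZNC monit service config files into place
   copy: src=etc_monit_conf.d_znc dest=/etc/monit/conf.d/znc
   notify: restart monit
@@ -106,6 +118,21 @@
   notify: restart monit
   when: grafana_config_file.stat.exists == True
 
+- name: Copy InfluxDB monit service config files into place
+  copy: src=etc_monit_conf.d_influxdb dest=/etc/monit/conf.d/influxdb
+  notify: restart monit
+  when: influxdb_config_file.stat.exists == True
+
+- name: Copy Telegraf monit service config files into place
+  copy: src=etc_monit_conf.d_telegraf dest=/etc/monit/conf.d/telegraf
+  notify: restart monit
+  when: telegraf_config_file.stat.exists == True
+
+- name: Copy Mosquitto monit service config files into place
+  copy: src=etc_monit_conf.d_mosquitto dest=/etc/monit/conf.d/mosquitto
+  notify: restart monit
+  when: mosquitto_config_file.stat.exists == True
+
 - name: Copy monit service config files into place
   copy: src=etc_monit_conf.d_{{ item }} dest=/etc/monit/conf.d/{{ item }}
   with_items: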
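Review bot: The three `copy` tasks added in the second hunk set no `owner`, `group` or `mode`, so the files written to `/etc/monit/conf.d/` take whatever the connecting user's umask produces. These files define the start and stop programs that Monit executes, so they should be explicitly root-owned and not writable by others, e.g. `copy: src=etc_monit_conf.d_influxdb dest=/etc/monit/conf.d/influxdb owner=root group=root mode=0644`. The tasks shown as context follow the same pattern, so this is probably best applied to the whole file rather than only the new tasks. As a smaller style point, `when: influxdb_config_file.stat.exists == True` can be written as `when: influxdb_config_file.stat.exists`. The final task in the hunk continues outside it.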
