diff --git a/files/config.ini b/files/config.ini new file mode 100644 index 0000000..8534ea9 --- /dev/null +++ b/files/config.ini @@ -0,0 +1,208 @@ +[default] +# +# This is the configuration file for the openITCOCKPIT Monitoring Agent 3.x +# Notice: Empty values will not been ignored! If you want to disable an option like proxy comment it out! + +######################### +# Web Server # +######################### + +# Bind address of the build-in web server +# Use 0.0.0.0 to bind on all interfaces +address = 0.0.0.0 + +# Port of the Agents build-in web server +# Default port is 3333 +port = 3333 + +######################### +# Security Settings # +######################### + +# Try to enable auto ssl mode for webserver +try-autossl = True + +# File paths used to store autossl related files (default: /etc/openitcockpit-agent/): +# Leave this blank to use the default values +# Example: /etc/openitcockpit-agent/agent.csr +#autossl-csr-file = + +# Example: /etc/openitcockpit-agent/agent.crt +#autossl-crt-file = + +# Example: /etc/openitcockpit-agent/agent.key +#autossl-key-file = + +# Example: /etc/openitcockpit-agent/server_ca.crt +#autossl-ca-file = + +# If a certificate file is given, the agent will only be accessible through HTTPS +# Instead of messing around with self-signed certificates we recommend to use the autossl feature. +# Example: /etc/ssl/certs/ssl-cert-snakeoil.pem +#certfile = /etc/ssl/certs/ssl-cert-snakeoil.pem + +# Private key file of the given TLS certificate +# Example: /etc/ssl/private/ssl-cert-snakeoil.key +#keyfile = /etc/ssl/private/ssl-cert-snakeoil.key + +# Enable remote read and write access to the current agent configuration (this file) and +# the customchecks config +# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +# ! WARNING: This could lead to remote code execution ! +# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +config-update-mode = False + +# Enable HTTP Basic Authentication +# Example: auth = user:password +#auth = user:password + +######################### +# Checks # +######################### + +# Determines in seconds how often the agent will schedule all internal checks +interval = 30 + +# Remote Plugin Execution +# Path to config will where custom checks can be defined +# Comment to use the default value +# +# Linux: /etc/openitcockpit-agent/customchecks.ini +# Windows: C:\Program Files\it-novum\openitcockpit-agent\customchecks.ini +# macOS: /Applications/openitcockpit-agent/customchecks.ini +#customchecks = /etc/openitcockpit-agent/customchecks.ini + +######################### +# Enable/Disable checks # +######################### + +# Enable CPU monitoring +cpustats = True + +# Enable memory monitoring +memory = True + +# Enable Swap monitoring +swap = True + +# Enable monitoring of running processes +processstats = True + +# Enable monitoring of network interfaces +netstats = True + +# Enable monitoring of the traffic (I/O) of network interfaces +netio = True + +# Enable disk usage monitoring +diskstats = True + +# Enable monitoring of disk I/O +diskio = True + +# Enable monitoring of Systemd Services (Linux only) +systemdservices = True + +# Enable monitoring of Launchd Services (macOS only) +launchdservices = True + +# Enable monitoring of Windows Services (Windows only) +winservices = True + +# Enable monitoring of Windows Event Log records (Windows only) +wineventlog = False + +# Determines how the openITCOCKPIT Monitoring Agent should query the Windows Event Log. +# Since Version 3.0.9 WMI (Windows Management Instrumentation) will be used by default +# As alternative the Agent could use the PowerShell Get-EventLog cmdlet. +# The WMI method will maybe memory leak on Windows Server 2016. The PowerShell workaround +# on the other hand could lead to blue screens (OA-40). +wineventlog-method = WMI +#wineventlog-method = PowerShell + +# Define comma separated windows event log log types +# Event Logs containing spaces DO NOT need to be quoted: Security,Sophos Cloud AD Sync,Application +wineventlog-logtypes = System,Application,Security + +# Enable monitoring of temperature and battery sensors +sensorstats = True + +# Enable support to monitor Docker containers +# Known issues: Error response from daemon: client version 1.41 is too new. Maximum supported API version is 1.40 +# Workaround: export DOCKER_API_VERSION=1.40 +dockerstats = False + +# Check KVMs through libvirt +# This requires to compile the openITCOCKPIT Monitoring Agent by yourself. +# Please see the Wiki for instructions: https://github.com/openITCOCKPIT/openitcockpit-agent-go/wiki/Build-binary +libvirt = True + +# Enable logged in users check +userstats = True + +# Enable system time monitoring +# Windows: Requires at least Windows Server 2016 or newer: https://learn.microsoft.com/en-us/windows-server/networking/windows-time-service/windows-server-2016-improvements +# macOS: On macOS the system clock gets compared to the openITCOCKPIT servers clock +# Linux: For Docker environments you may have to set the --cap-add=SYS_TIME flag. +ntp = True + +######################### +# Push mode # +######################### + +# By default openITCOCKPIT will pull check results from the openITCOCKPIT Agent. +# In a cloud environments or behind a NAT network it could become handy +# if the openITCOCKPIT Monitoring Agent will push the results to your openITCOCKPIT Server +[oitc] + +# Enable Push Mode +enabled = False + +# This option disables the webserver of the openITCOCKPIT Monitoring Agent when running in PUSH mode. +# When you also want to enable the Webserver even if the agent is running in PUSH mode we highly recommend +# to enable HTTP Basic Authentication and to use the certfile and keyfile options to enable HTTPS +enable-webserver = False + +# Address of your openITCOCKPIT Server where the Agent will push the results to +# Example: https://demo.openitcockpit.io +url = + +# Enable this option when your openITCOCKPIT server uses valid TLS certificates +# like from Let's Encrypt +verify-server-certificate = False + +# Timeout in seconds for the HTTP push client +timeout = 10 + +# API-Key of your openITCOCKPIT Server +apikey = + +# Address of HTTP/HTTPS Proxy if required. +# Comment to disable +# Example: http://10.10.1.10:3128 +#proxy = http://10.10.1.10:3128 + + +######################### +# Prometheus Exporter # +######################### + +# The openITCOCKPIT Monitoring Agent can act as a Prometheus Exporter proxy. +# This means that the Agent will scrape the metrics from the exporters defined in the prometheus_exporters.ini +# and will expose them on the /prometheus endpoint. +# The openITCOCKPIT Agent will not touch the metrics itself. +# If the Agent is configured to use TLS encryption the /prometheus endpoint will also be encrypted. + +[prometheus] + +# Determines if the openITCOCKPIT Agent should act as a Prometheus Exporter +enabled = True + +# List of Prometheus Exporters +# +# Leave blank for the default value +# +# Linux: /etc/openitcockpit-agent/prometheus_exporters.ini +# Windows: C:\Program Files\it-novum\openitcockpit-agent\prometheus_exporters.ini +# macOS: /Applications/openitcockpit-agent/prometheus_exporters.ini +#exporters = /etc/openitcockpit-agent/prometheus_exporters.ini diff --git a/files/openitcockpit-agent_3.1.1_amd64.deb b/files/openitcockpit-agent_3.1.1_amd64.deb new file mode 100644 index 0000000..a514030 Binary files /dev/null and b/files/openitcockpit-agent_3.1.1_amd64.deb differ diff --git a/install_openitcockpit.yaml b/install_openitcockpit.yaml new file mode 100644 index 0000000..21d3df5 --- /dev/null +++ b/install_openitcockpit.yaml @@ -0,0 +1,63 @@ +--- +- hosts: cockpithosts + gather_facts: no + tasks: + # Copy remote file (host.example.com:/tmp/somefile) into + # /tmp/fetched/host.example.com/tmp/somefile on local machine + - fetch: + src: /files/openitcockpit-agent_3.1.1_amd64.deb + dest: /tmp/openitcockpit-agent_3.1.1_amd64.deb + + - name: change working directory + ansible.builtin.shell: + cmd: ls -l + chdir: /tmp + + # - name: Install a list of packages + # ansible.builtin.apt: + # pkg: + # - apt-transport-https + # - curl + # - gnupg + + # - name: Get GPG key + # ansible.builtin.shell: + # cmd: curl -fsSL https://bazel.build/bazel-release.pub.gpg | gpg --dearmor >bazel-archive-keyring.gpg + + # - name: Move GPG key + # ansible.builtin.shell: + # cmd: mv bazel-archive-keyring.gpg /usr/share/keyrings + + # - name: Add Key and repo to system + # ansible.builtin.shell: + # cmd: echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/bazel-archive-keyring.gpg] https://storage.googleapis.com/bazel-apt stable jdk1.8' > /etc/apt/sources.list.d/bazel.list + + # - name: Run the equivalent of "apt-get update" as a separate step + # ansible.builtin.apt: + # update_cache: yes + + # - name: Update all installed packages using APT module + # apt: + # name: '*' + # state: latest + # update_cache: yes + # only_upgrade: yes + # register: apt_update_status + + # - name: Update all installed packages using APT module + # apt: + # name: '*' + # state: latest + # update_cache: yes + # only_upgrade: yes + # register: apt_update_status + + # - name: Remove packages not needed anymore + # apt: + # autoremove: yes + + # - name: Reboot when packages were updated + # reboot: + # post_reboot_delay: 60 + # when: apt_update_status.changed +#