Enhancement #696
closed
New VM for sup/Zabbix
100%
Description
Zabbix service is currently hosted on Nicecity but this host doesn't provide the resources (mainly CPU, for example: load average: 8.64, 8.47, 8.08) required for Zabbix.
Here is
Orthos:
- CPU: one core of the host (Intel i5-8600T) fully dedicated to this VM
- memory: 2Go (can be extended to 4Go)
- storage: 40Go
- main repository
add_new_host_zabbix-server: add Orthos to the inventorydependency_and_order: setupbuster-backportsbefore using it, installgpgbinarymkcert_fix_RANDFILE_and_req_dn: fix name of section in template, unsetRANDFILE- TODO: Zabbix server: use Orthos
ansible-role-fail2banrepository:buster_ignore_apt-listbugs: force installation offail2banpackage
Updated by Pierre-Louis Bonicoli about 5 years ago
- Description updated (diff)
- Status changed from New to In Progress
Updated by Marc Dequènes about 5 years ago
I reviewed add_new_host_zabbix-server and it's almost fine: data/duckcorp/interfaces/Orthos is missing, so if I reboot the machine to get the interface mapping created, then the network is going to be broken.
Updated by Marc Dequènes about 5 years ago
I merged dependency_and_order, good catch.
Updated by Marc Dequènes about 5 years ago
I merged mkcert_fix_RANDFILE_and_req_dn, thanks.
Updated by Marc Dequènes about 5 years ago
merged buster_ignore_apt-listbugs; stumbled on it in #537 and totally forgot it, oops. Thanks you. Very elegant workaround only targeting this specific version, I really like it :-).
Updated by Pierre-Louis Bonicoli about 5 years ago
Marc Dequènes wrote:
I reviewed add_new_host_zabbix-server and it's almost fine: data/duckcorp/interfaces/Orthos is missing, so if I reboot the machine to get the interface mapping created, then the network is going to be broken.
Updated: missing file has been added.
Updated by Pierre-Louis Bonicoli about 5 years ago
Branch add_new_host_zabbix-server updated with another fix:
--- a/ansible/host_vars/Orthos/ssh.yml +++ b/ansible/host_vars/Orthos/ssh.yml @@ -1,4 +1,4 @@ --- ssh: - port: 30001 + port: 22 # NATED port listen_addresses:
Updated by Marc Dequènes about 5 years ago
I see the interface has been added but DHCP is not acceptable for a server, we need a fixed IP and avoid dependencies on core services as much as possible to avoid loosing access.
As for the SSH fix, it has not been pushed. Anyway in this case this file is not necessary as it is the default config. If you wish to add a comment about the NAT then I would suggest to add it to connection.yml (but I think it's pretty obvious).
Updated by Pierre-Louis Bonicoli about 5 years ago
- % Done changed from 0 to 50
Marc Dequènes wrote:
I see the interface has been added but DHCP is not acceptable for a server, we need a fixed IP and avoid dependencies on core services as much as possible to avoid loosing access.
With the current setup, libvirt/dnsmasq will always return the same IP (192.168.100.2).
As for the SSH fix, it has not been pushed.
Indeed, pushed.
Anyway in this case this file is not necessary as it is the default config. If you wish to add a comment about the NAT then I would suggest to add it to connection.yml (but I think it's pretty obvious).
ansible/host_vars/Orthos/ssh.yml has been removed.
Updated by Pierre-Louis Bonicoli almost 5 years ago
Updated:
diff --git a/ansible/data/duckcorp/interfaces/Orthos/eth-lan b/ansible/data/duckcorp/interfaces/Orthos/eth-lan index c927c65..def5f2b 100644 --- a/ansible/data/duckcorp/interfaces/Orthos/eth-lan +++ b/ansible/data/duckcorp/interfaces/Orthos/eth-lan @@ -1,3 +1,10 @@ auto eth-lan + allow-hotplug eth-lan -iface eth-lan inet dhcp + +iface eth-lan inet static + address 192.168.100.2 + netmask 255.255.255.248 + network 192.168.100.0 + broadcast 192.168.100.7 + gateway 192.168.100.1
Updated by Marc Dequènes almost 5 years ago
- Status changed from In Progress to Resolved
- % Done changed from 50 to 100
It's fine, thanks. I just updated to use the CIDR to simplify (it calculates the other parameters automagically).