From 84c0ae819970ae282dd16084759d3d89fb1e0a95 Mon Sep 17 00:00:00 2001 From: Paul Walko Date: Tue, 3 Dec 2019 23:11:20 -0500 Subject: [PATCH] smartd, dma config --- ansible/README.md | 3 +- ansible/files/dma.conf | 68 +++++++++++++++++ ansible/files/smartd.conf | 150 ++++++++++++++++++++++++++++++++++++++ ansible/handlers.yml | 21 ++++-- ansible/main.yml | 58 ++++++++++----- 5 files changed, 274 insertions(+), 26 deletions(-) create mode 100644 ansible/files/dma.conf create mode 100644 ansible/files/smartd.conf diff --git a/ansible/README.md b/ansible/README.md index 66d7705..8094b13 100644 --- a/ansible/README.md +++ b/ansible/README.md @@ -1,9 +1,10 @@ Assumes: -- ALl: +- All: - OS (Debian) has been installed and IPs have been configured in hosts.cfg - Host is already trusted via ssh and can be ssh'd into using keys - Passwordless sudo is enabled for the user ansible uses + - Root and user pw is something memorable - Wireguard hosts: - Secure boot is disabled (wireguard is an unsigned module) diff --git a/ansible/files/dma.conf b/ansible/files/dma.conf new file mode 100644 index 0000000..29bdcf4 --- /dev/null +++ b/ansible/files/dma.conf 
@@ -0,0 +1,68 @@
+# $DragonFly: src/etc/dma/dma.conf,v 1.2 2008/02/04 10:11:41 matthias Exp $
+#
+# Your smarthost (also called relayhost). Leave blank if you don't want
+# smarthost support.
+# NOTE: on Debian systems this is handled via debconf!
+# Please use dpkg-reconfigure dma to change this value.
+SMARTHOST smtp.gmail.com
+
+# Use this SMTP port. Most users will be fine with the default (25)
+PORT 587
+
+# Path to your alias file. Just stay with the default.
+#ALIASES /etc/aliases
+
+# Path to your spooldir. Just stay with the default.
+#SPOOLDIR /var/spool/dma
+
+# SMTP authentication
+AUTHPATH /etc/dma/auth.conf
+
+# Uncomment if yout want TLS/SSL support
+SECURETRANSFER
+
+# Uncomment if you want STARTTLS support (only used in combination with
+# SECURETRANSFER)
+STARTTLS
+
+# Uncomment if you have specified STARTTLS above and it should be allowed
+# to fail ("opportunistic TLS", use an encrypted connection when available
+# but allow an unencrypted one to servers that do not support it)
+#OPPORTUNISTIC_TLS
+
+# Path to your local SSL certificate
+#CERTFILE
+
+# If you want to use plain text SMTP login without using encryption, change
+# the SECURE entry below to INSECURE. Otherwise plain login will only work
+# over a secure connection. Use this option with caution.
+#SECURE
+
+# Uncomment if you want to defer your mails. This is useful if you are
+# behind a dialup line. You have to submit your mails manually with dma -q
+#DEFER
+
+# Uncomment if you want the bounce message to include the complete original
+# message, not just the headers.
+#FULLBOUNCE
+
+# The internet hostname dma uses to identify the host.
+# If not set or empty, the result of gethostname(2) is used.
+# If MAILNAME is an absolute path to a file, the first line of this file
+# will be used as the hostname.
+# NOTE: on Debian systems this is handled via debconf!
+# Please use dpkg-reconfigure dma to change this value.
+MAILNAME /etc/mailname
+
+# Masquerade envelope from addresses with this address/hostname.
+# Use this if mails are not accepted by destination mail servers because
+# your sender domain is invalid.
+# By default, MASQUERADE is not set.
+# Format: MASQUERADE [user@][host]
+# Examples:
+# MASQUERADE john@ on host "hamlet" will send all mails as john@hamlet
+# MASQUERADE percolator will send mails as $username@percolator, e.g. fish@percolator
+# MASQUERADE herb@ert will send all mails as herb@ert
+
+# Directly forward the mail to the SMARTHOST bypassing aliases and local delivery
+#NULLCLIENT
diff --git a/ansible/files/smartd.conf b/ansible/files/smartd.conf
new file mode 100644
index 0000000..d73953f
--- /dev/null
+++ b/ansible/files/smartd.conf
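Review bot: The TLS block in dma.conf keeps the stock "Uncomment if you want…" comments even though `SECURETRANSFER` and `STARTTLS` are now live, so nothing in the file records that encryption to the smarthost is a requirement here rather than a leftover default. Because `AUTHPATH` points at a credential file, I would add a comment above `#OPPORTUNISTIC_TLS` such as `# Keep disabled: auth.conf credentials must never go over an unencrypted fallback`, and leave `#SECURE` commented for the same reason. The `PORT` comment still says the default (25) is fine while the value is 587; a short `# 587 = authenticated submission to the smarthost` would explain the deviation. The file's own NOTE says Debian manages SMARTHOST and MAILNAME through debconf, so it is worth confirming that a later `dpkg-reconfigure dma` does not rewrite what this file sets.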
@@ -0,0 +1,150 @@
+# Sample configuration file for smartd. See man smartd.conf.
+
+# Home page is: http://www.smartmontools.org
+
+# smartd will re-read the configuration file if it receives a HUP
+# signal
+
+# The file gives a list of devices to monitor using smartd, with one
+# device per line. Text after a hash (#) is ignored, and you may use
+# spaces and tabs for white space. You may use '\' to continue lines.
+
+# You can usually identify which hard disks are on your system by
+# looking in /proc/ide and in /proc/scsi.
+
+# The word DEVICESCAN will cause any remaining lines in this
+# configuration file to be ignored: it tells smartd to scan for all
+# ATA and SCSI devices. DEVICESCAN may be followed by any of the
+# Directives listed below, which will be applied to all devices that
+# are found. Most users should comment out DEVICESCAN and explicitly
+# list the devices that they wish to monitor.
+#DEVICESCAN -d removable -n standby -m root -M exec /usr/share/smartmontools/smartd-runner
+DEVICESCAN -m alerts@seaturtle.pw -M test
+
+# Alternative setting to ignore temperature and power-on hours reports
+# in syslog.
+#DEVICESCAN -I 194 -I 231 -I 9
+
+# Alternative setting to report more useful raw temperature in syslog.
+#DEVICESCAN -R 194 -R 231 -I 9
+
+# Alternative setting to report raw temperature changes >= 5 Celsius
+# and min/max temperatures.
+#DEVICESCAN -I 194 -I 231 -I 9 -W 5
+
+# First ATA/SATA or SCSI/SAS disk. Monitor all attributes, enable
+# automatic online data collection, automatic Attribute autosave, and
+# start a short self-test every day between 2-3am, and a long self test
+# Saturdays between 3-4am.
+#/dev/sda -a -o on -S on -s (S/../.././02|L/../../6/03)
+
+# Monitor SMART status, ATA Error Log, Self-test log, and track
+# changes in all attributes except for attribute 194
+#/dev/sdb -H -l error -l selftest -t -I 194
+
+# Monitor all attributes except normalized Temperature (usually 194),
+# but track Temperature changes >= 4 Celsius, report Temperatures
+# >= 45 Celsius and changes in Raw value of Reallocated_Sector_Ct (5).
+# Send mail on SMART failures or when Temperature is >= 55 Celsius.
+#/dev/sdc -a -I 194 -W 4,45,55 -R 5 -m admin@example.com
+
+# An ATA disk may appear as a SCSI device to the OS. If a SCSI to
+# ATA Translation (SAT) layer is between the OS and the device then
+# this can be flagged with the '-d sat' option. This situation may
+# become common with SATA disks in SAS and FC environments.
+# /dev/sda -a -d sat
+
+# A very silent check. Only report SMART health status if it fails
+# But send an email in this case
+#/dev/sdc -H -C 0 -U 0 -m admin@example.com
+
+# First two SCSI disks. This will monitor everything that smartd can
+# monitor. Start extended self-tests Wednesdays between 6-7pm and
+# Sundays between 1-2 am
+#/dev/sda -d scsi -s L/../../3/18
+#/dev/sdb -d scsi -s L/../../7/01
+
+# Monitor 4 ATA disks connected to a 3ware 6/7/8000 controller which uses
+# the 3w-xxxx driver. Start long self-tests Sundays between 1-2, 2-3, 3-4,
+# and 4-5 am.
+# NOTE: starting with the Linux 2.6 kernel series, the /dev/sdX interface
+# is DEPRECATED. Use the /dev/tweN character device interface instead.
+# For example /dev/twe0, /dev/twe1, and so on.
+#/dev/sdc -d 3ware,0 -a -s L/../../7/01
+#/dev/sdc -d 3ware,1 -a -s L/../../7/02
+#/dev/sdc -d 3ware,2 -a -s L/../../7/03
+#/dev/sdc -d 3ware,3 -a -s L/../../7/04
+
+# Monitor 2 ATA disks connected to a 3ware 9000 controller which
+# uses the 3w-9xxx driver (Linux, FreeBSD). Start long self-tests Tuesdays
+# between 1-2 and 3-4 am.
+#/dev/twa0 -d 3ware,0 -a -s L/../../2/01
+#/dev/twa0 -d 3ware,1 -a -s L/../../2/03
+
+# Monitor 2 SATA (not SAS) disks connected to a 3ware 9000 controller which
+# uses the 3w-sas driver (Linux). Start long self-tests Tuesdays
+# between 1-2 and 3-4 am.
+# On FreeBSD /dev/tws0 should be used instead
+#/dev/twl0 -d 3ware,0 -a -s L/../../2/01
+#/dev/twl0 -d 3ware,1 -a -s L/../../2/03
+
+# Same as above for Windows. Option '-d 3ware,N' is not necessary,
+# disk (port) number is specified in device name.
+# NOTE: On Windows, DEVICESCAN works also for 3ware controllers.
+#/dev/hdc,0 -a -s L/../../2/01
+#/dev/hdc,1 -a -s L/../../2/03
+#
+# Monitor 2 disks connected to the first HP SmartArray controller which
+# uses the cciss driver. Start long tests on Sunday nights and short
+# self-tests every night and send errors to root
+#/dev/cciss/c0d0 -d cciss,0 -a -s (L/../../7/02|S/../.././02) -m root
+#/dev/cciss/c0d0 -d cciss,1 -a -s (L/../../7/03|S/../.././03) -m root
+
+# Monitor 3 ATA disks directly connected to a HighPoint RocketRAID. Start long
+# self-tests Sundays between 1-2, 2-3, and 3-4 am.
+#/dev/sdd -d hpt,1/1 -a -s L/../../7/01
+#/dev/sdd -d hpt,1/2 -a -s L/../../7/02
+#/dev/sdd -d hpt,1/3 -a -s L/../../7/03
+
+# Monitor 2 ATA disks connected to the same PMPort which connected to the
+# HighPoint RocketRAID. Start long self-tests Tuesdays between 1-2 and 3-4 am
+#/dev/sdd -d hpt,1/4/1 -a -s L/../../2/01
+#/dev/sdd -d hpt,1/4/2 -a -s L/../../2/03
+
+# HERE IS A LIST OF DIRECTIVES FOR THIS CONFIGURATION FILE.
+# PLEASE SEE THE smartd.conf MAN PAGE FOR DETAILS
+#
+# -d TYPE Set the device type: ata, scsi, marvell, removable, 3ware,N, hpt,L/M/N
+# -T TYPE set the tolerance to one of: normal, permissive
+# -o VAL Enable/disable automatic offline tests (on/off)
+# -S VAL Enable/disable attribute autosave (on/off)
+# -n MODE No check. MODE is one of: never, sleep, standby, idle
+# -H Monitor SMART Health Status, report if failed
+# -l TYPE Monitor SMART log.
Type is one of: error, selftest
+# -f Monitor for failure of any 'Usage' Attributes
+# -m ADD Send warning email to ADD for -H, -l error, -l selftest, and -f
+# -M TYPE Modify email warning behavior (see man page)
+# -s REGE Start self-test when type/date matches regular expression (see man page)
+# -p Report changes in 'Prefailure' Normalized Attributes
+# -u Report changes in 'Usage' Normalized Attributes
+# -t Equivalent to -p and -u Directives
+# -r ID Also report Raw values of Attribute ID with -p, -u or -t
+# -R ID Track changes in Attribute ID Raw value with -p, -u or -t
+# -i ID Ignore Attribute ID for -f Directive
+# -I ID Ignore Attribute ID for -p, -u or -t Directive
+# -C ID Report if Current Pending Sector count non-zero
+# -U ID Report if Offline Uncorrectable count non-zero
+# -W D,I,C Monitor Temperature D)ifference, I)nformal limit, C)ritical limit
+# -v N,ST Modifies labeling of Attribute N (see man page)
+# -a Default: equivalent to -H -f -t -l error -l selftest -C 197 -U 198
+# -F TYPE Use firmware bug workaround. Type is one of: none, samsung
+# -P TYPE Drive-specific presets: use, ignore, show, showall
+# # Comment: text after a hash sign is ignored
+# \ Line continuation character
+# Attribute ID is a decimal integer 1 <= ID <= 255
+# except for -C and -U, where ID = 0 turns them off.
+# All but -d, -m and -M Directives are only implemented for ATA devices
+#
+# If the test string DEVICESCAN is the first uncommented text
+# then smartd will scan for devices.
+# DEVICESCAN may be followed by any desired Directives.
diff --git a/ansible/handlers.yml b/ansible/handlers.yml
index a31e15d..68ec086 100644
--- a/ansible/handlers.yml
+++ b/ansible/handlers.yml
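Review bot: The active line `DEVICESCAN -m alerts@seaturtle.pw -M test` near the top of smartd.conf leaves `-M test` on permanently, and per smartd.conf(5) that sends a test message every time smartd starts, so each reboot and each run of the restart handler produces a mail that looks like an alert. If the flag is only there to prove the dma relay works, say so above the line, e.g. `# -M test: one test mail per smartd start; remove once delivery is confirmed`, or drop it after the first successful run. The commented Debian default it replaces carried `-d removable -n standby` and the `smartd-runner` hook, and the new line sets no `-s` self-test schedule; a one-line comment stating whether those were dropped on purpose would help the next reader.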
@@ -1,4 +1,18 @@ --- +- name: Enable weechat service + service: + name: weechat + enabled: yes + +- name: Re-export exportfs + command: exportfs -arv + +- name: Restart and enable smartd + service: + name: smartd + enabled: yes + state: restarted + - name: Restart chrony service service: name: chrony @@ -24,10 +38,3 @@ name: zfs-zed state: restarted -- name: Enable weechat service - service: - name: weechat - enabled: yes - -- name: Re-export exportfs - command: exportfs -arv diff --git a/ansible/main.yml b/ansible/main.yml index 5c3642e..e6801c2 100644 --- a/ansible/main.yml +++ b/ansible/main.yml @@ -13,6 +13,7 @@ - apt-listchanges - chrony - curl + - dma - git - htop - iperf3 @@ -20,6 +21,7 @@ - nmap - oidentd - rsync + - smartmontools - speedtest-cli - tmux - unattended-upgrades @@ -95,6 +97,26 @@ group: root mode: '0644' + - name: Configure dma + copy: + src: files/dma.conf + dest: /etc/dma/dma.conf + owner: root + group: mail + mode: '0640' + + - debug: + msg: 'Manually configure /etc/dma/auth.conf' + + - name: Configure smartd + copy: + src: files/smartd.conf + dest: /etc/smartd.conf + owner: root + group: root + mode: '0644' + notify: Restart and enable smartd + ### Router ##- hosts: router ## become: yes @@ -124,8 +146,10 @@ force_apt_get: yes update_cache: yes - # Manually do wireguard config https://wiki.debian.org/Wireguard - # Manuall do beets config https://wiki.archlinux.org/index.php/Beets + - debug: + msg: + - Manually do wireguard config https://wiki.debian.org/Wireguard + - Manuall do beets config https://wiki.archlinux.org/index.php/Beets # NFS core config # ASSUMES /bigdata IS CONFIGURED (make sure dir is 755) 
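Review bot: In the main.yml hunk that adds `Configure dma`, the credential file is left to a bare `debug` reminder, so nothing enforces who can read `/etc/dma/auth.conf`, which holds the smarthost password in clear text. dma.conf itself is installed as root:mail 0640 in the same hunk, and the same ownership and mode should be asserted on auth.conf without managing its content, as in the task below (it assumes the dma package has already created the file). The `debug` task is also unnamed, and its message could state the expected line format so the manual step is repeatable. The hunk begins and ends inside a task list whose play header is outside it.

```yaml
    # … unchanged: Configure dma copy task …

    - name: Restrict permissions on dma auth.conf
      file:
        path: /etc/dma/auth.conf
        state: file
        owner: root
        group: mail
        mode: '0640'

    # … unchanged: debug reminder, Configure smartd …
```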
@@ -134,26 +158,15 @@ handlers: - import_tasks: handlers.yml tasks: - - name: Install zfs-zed, postfix, nfs-kernel-server + - name: Install zfs-zed, dma, and nfs-kernel-server apt: name: + - dma - nfs-kernel-server - - postfix - zfs-zed force_apt_get: yes update_cache: yes - - name: Configure postfix - copy: - src: files/bigdummy-main.cf - dest: /etc/postfix/main.cf - owner: root - group: root - mode: '0644' - notify: Restart postfix - - # Manually set postfix password - - name: Configure zfs-zed copy: src: files/zed.rc @@ -163,12 +176,20 @@ mode: '0644' notify: Restart zfs-zed + - name: Install weekly bigdata scrub cron job + cron: + name: 'Scrub bigdata zfs pool' + special_time: weekly + job: 'zpool scrub bigdata' + user: root + - name: Install rclone apt: deb: https://github.com/rclone/rclone/releases/download/v1.49.2/rclone-v1.49.2-linux-amd64.deb force_apt_get: yes - # Manually configure rclone remote drive + - debug: + msg: Manually configure rclone remote drive - name: Export /bigdata copy: @@ -233,5 +254,6 @@ name: paul groups: docker append: yes - - # Clone docker repo to start services + + - debug: + msg: Clone docker repo to start services
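Review bot: The hunk that swaps postfix for dma drops the `Configure postfix` task and the "Manually set postfix password" reminder, but nothing cleans up what they left on hosts that were already provisioned. Installing dma will normally displace postfix as the MTA, yet a plain package removal keeps `/etc/postfix` and any relay password file the manual step created, so an unused SMTP credential may stay on disk. Consider a one-off cleanup task after the install, an `apt` task with `name: postfix`, `state: absent` and `purge: yes`, and rotating that credential if it is not the one reused for dma. The play's remaining tasks continue outside the hunk.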
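Review bot: The new cron task runs `zpool scrub bigdata` by bare name from root's crontab, and on Debian the default PATH for user crontabs is usually `/usr/bin:/bin` while `zpool` is installed under `/sbin`, so the job may fail every week without anyone noticing. Use the absolute path, `job: '/sbin/zpool scrub bigdata'`, after confirming the location on the host. Debian's zfsutils-linux package also ships its own periodic scrub in `/etc/cron.d/zfsutils-linux` as far as I know, so it is worth checking that the two schedules do not overlap. Cron reports failures by mail to root, which now depends on the dma relay and its aliases being set up.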