smartd, dma config

master
Paul Walko 2019-12-03 23:11:20 -05:00
parent 70dfaa68ab
commit 84c0ae8199
5 changed files with 274 additions and 26 deletions

View File

@ -1,9 +1,10 @@
Assumes:
- ALl:
- All:
- OS (Debian) has been installed and IPs have been configured in hosts.cfg
- Host is already trusted via ssh and can be ssh'd into using keys
- Passwordless sudo is enabled for the user ansible uses
- Root and user pw is something memorable
- Wireguard hosts:
- Secure boot is disabled (wireguard is an unsigned module)

68
ansible/files/dma.conf Normal file
View File

@ -0,0 +1,68 @@
# $DragonFly: src/etc/dma/dma.conf,v 1.2 2008/02/04 10:11:41 matthias Exp $
#
# Your smarthost (also called relayhost). Leave blank if you don't want
# smarthost support.
# NOTE: on Debian systems this is handled via debconf!
# Please use dpkg-reconfigure dma to change this value.
SMARTHOST smtp.gmail.com
# Use this SMTP port. Most users will be fine with the default (25)
PORT 587
# Path to your alias file. Just stay with the default.
#ALIASES /etc/aliases
# Path to your spooldir. Just stay with the default.
#SPOOLDIR /var/spool/dma
# SMTP authentication
AUTHPATH /etc/dma/auth.conf
# Uncomment if yout want TLS/SSL support
SECURETRANSFER
# Uncomment if you want STARTTLS support (only used in combination with
# SECURETRANSFER)
STARTTLS
# Uncomment if you have specified STARTTLS above and it should be allowed
# to fail ("opportunistic TLS", use an encrypted connection when available
# but allow an unencrypted one to servers that do not support it)
#OPPORTUNISTIC_TLS
# Path to your local SSL certificate
#CERTFILE
# If you want to use plain text SMTP login without using encryption, change
# the SECURE entry below to INSECURE. Otherwise plain login will only work
# over a secure connection. Use this option with caution.
#SECURE
# Uncomment if you want to defer your mails. This is useful if you are
# behind a dialup line. You have to submit your mails manually with dma -q
#DEFER
# Uncomment if you want the bounce message to include the complete original
# message, not just the headers.
#FULLBOUNCE
# The internet hostname dma uses to identify the host.
# If not set or empty, the result of gethostname(2) is used.
# If MAILNAME is an absolute path to a file, the first line of this file
# will be used as the hostname.
# NOTE: on Debian systems this is handled via debconf!
# Please use dpkg-reconfigure dma to change this value.
MAILNAME /etc/mailname
# Masquerade envelope from addresses with this address/hostname.
# Use this if mails are not accepted by destination mail servers because
# your sender domain is invalid.
# By default, MASQUERADE is not set.
# Format: MASQUERADE [user@][host]
# Examples:
# MASQUERADE john@ on host "hamlet" will send all mails as john@hamlet
# MASQUERADE percolator will send mails as $username@percolator, e.g. fish@percolator
# MASQUERADE herb@ert will send all mails as herb@ert
# Directly forward the mail to the SMARTHOST bypassing aliases and local delivery
#NULLCLIENT

150
ansible/files/smartd.conf Normal file
View File

@ -0,0 +1,150 @@
# Sample configuration file for smartd. See man smartd.conf.
# Home page is: http://www.smartmontools.org
# smartd will re-read the configuration file if it receives a HUP
# signal
# The file gives a list of devices to monitor using smartd, with one
# device per line. Text after a hash (#) is ignored, and you may use
# spaces and tabs for white space. You may use '\' to continue lines.
# You can usually identify which hard disks are on your system by
# looking in /proc/ide and in /proc/scsi.
# The word DEVICESCAN will cause any remaining lines in this
# configuration file to be ignored: it tells smartd to scan for all
# ATA and SCSI devices. DEVICESCAN may be followed by any of the
# Directives listed below, which will be applied to all devices that
# are found. Most users should comment out DEVICESCAN and explicitly
# list the devices that they wish to monitor.
#DEVICESCAN -d removable -n standby -m root -M exec /usr/share/smartmontools/smartd-runner
DEVICESCAN -m alerts@seaturtle.pw -M test
# Alternative setting to ignore temperature and power-on hours reports
# in syslog.
#DEVICESCAN -I 194 -I 231 -I 9
# Alternative setting to report more useful raw temperature in syslog.
#DEVICESCAN -R 194 -R 231 -I 9
# Alternative setting to report raw temperature changes >= 5 Celsius
# and min/max temperatures.
#DEVICESCAN -I 194 -I 231 -I 9 -W 5
# First ATA/SATA or SCSI/SAS disk. Monitor all attributes, enable
# automatic online data collection, automatic Attribute autosave, and
# start a short self-test every day between 2-3am, and a long self test
# Saturdays between 3-4am.
#/dev/sda -a -o on -S on -s (S/../.././02|L/../../6/03)
# Monitor SMART status, ATA Error Log, Self-test log, and track
# changes in all attributes except for attribute 194
#/dev/sdb -H -l error -l selftest -t -I 194
# Monitor all attributes except normalized Temperature (usually 194),
# but track Temperature changes >= 4 Celsius, report Temperatures
# >= 45 Celsius and changes in Raw value of Reallocated_Sector_Ct (5).
# Send mail on SMART failures or when Temperature is >= 55 Celsius.
#/dev/sdc -a -I 194 -W 4,45,55 -R 5 -m admin@example.com
# An ATA disk may appear as a SCSI device to the OS. If a SCSI to
# ATA Translation (SAT) layer is between the OS and the device then
# this can be flagged with the '-d sat' option. This situation may
# become common with SATA disks in SAS and FC environments.
# /dev/sda -a -d sat
# A very silent check. Only report SMART health status if it fails
# But send an email in this case
#/dev/sdc -H -C 0 -U 0 -m admin@example.com
# First two SCSI disks. This will monitor everything that smartd can
# monitor. Start extended self-tests Wednesdays between 6-7pm and
# Sundays between 1-2 am
#/dev/sda -d scsi -s L/../../3/18
#/dev/sdb -d scsi -s L/../../7/01
# Monitor 4 ATA disks connected to a 3ware 6/7/8000 controller which uses
# the 3w-xxxx driver. Start long self-tests Sundays between 1-2, 2-3, 3-4,
# and 4-5 am.
# NOTE: starting with the Linux 2.6 kernel series, the /dev/sdX interface
# is DEPRECATED. Use the /dev/tweN character device interface instead.
# For example /dev/twe0, /dev/twe1, and so on.
#/dev/sdc -d 3ware,0 -a -s L/../../7/01
#/dev/sdc -d 3ware,1 -a -s L/../../7/02
#/dev/sdc -d 3ware,2 -a -s L/../../7/03
#/dev/sdc -d 3ware,3 -a -s L/../../7/04
# Monitor 2 ATA disks connected to a 3ware 9000 controller which
# uses the 3w-9xxx driver (Linux, FreeBSD). Start long self-tests Tuesdays
# between 1-2 and 3-4 am.
#/dev/twa0 -d 3ware,0 -a -s L/../../2/01
#/dev/twa0 -d 3ware,1 -a -s L/../../2/03
# Monitor 2 SATA (not SAS) disks connected to a 3ware 9000 controller which
# uses the 3w-sas driver (Linux). Start long self-tests Tuesdays
# between 1-2 and 3-4 am.
# On FreeBSD /dev/tws0 should be used instead
#/dev/twl0 -d 3ware,0 -a -s L/../../2/01
#/dev/twl0 -d 3ware,1 -a -s L/../../2/03
# Same as above for Windows. Option '-d 3ware,N' is not necessary,
# disk (port) number is specified in device name.
# NOTE: On Windows, DEVICESCAN works also for 3ware controllers.
#/dev/hdc,0 -a -s L/../../2/01
#/dev/hdc,1 -a -s L/../../2/03
#
# Monitor 2 disks connected to the first HP SmartArray controller which
# uses the cciss driver. Start long tests on Sunday nights and short
# self-tests every night and send errors to root
#/dev/cciss/c0d0 -d cciss,0 -a -s (L/../../7/02|S/../.././02) -m root
#/dev/cciss/c0d0 -d cciss,1 -a -s (L/../../7/03|S/../.././03) -m root
# Monitor 3 ATA disks directly connected to a HighPoint RocketRAID. Start long
# self-tests Sundays between 1-2, 2-3, and 3-4 am.
#/dev/sdd -d hpt,1/1 -a -s L/../../7/01
#/dev/sdd -d hpt,1/2 -a -s L/../../7/02
#/dev/sdd -d hpt,1/3 -a -s L/../../7/03
# Monitor 2 ATA disks connected to the same PMPort which connected to the
# HighPoint RocketRAID. Start long self-tests Tuesdays between 1-2 and 3-4 am
#/dev/sdd -d hpt,1/4/1 -a -s L/../../2/01
#/dev/sdd -d hpt,1/4/2 -a -s L/../../2/03
# HERE IS A LIST OF DIRECTIVES FOR THIS CONFIGURATION FILE.
# PLEASE SEE THE smartd.conf MAN PAGE FOR DETAILS
#
# -d TYPE Set the device type: ata, scsi, marvell, removable, 3ware,N, hpt,L/M/N
# -T TYPE set the tolerance to one of: normal, permissive
# -o VAL Enable/disable automatic offline tests (on/off)
# -S VAL Enable/disable attribute autosave (on/off)
# -n MODE No check. MODE is one of: never, sleep, standby, idle
# -H Monitor SMART Health Status, report if failed
# -l TYPE Monitor SMART log. Type is one of: error, selftest
# -f Monitor for failure of any 'Usage' Attributes
# -m ADD Send warning email to ADD for -H, -l error, -l selftest, and -f
# -M TYPE Modify email warning behavior (see man page)
# -s REGE Start self-test when type/date matches regular expression (see man page)
# -p Report changes in 'Prefailure' Normalized Attributes
# -u Report changes in 'Usage' Normalized Attributes
# -t Equivalent to -p and -u Directives
# -r ID Also report Raw values of Attribute ID with -p, -u or -t
# -R ID Track changes in Attribute ID Raw value with -p, -u or -t
# -i ID Ignore Attribute ID for -f Directive
# -I ID Ignore Attribute ID for -p, -u or -t Directive
# -C ID Report if Current Pending Sector count non-zero
# -U ID Report if Offline Uncorrectable count non-zero
# -W D,I,C Monitor Temperature D)ifference, I)nformal limit, C)ritical limit
# -v N,ST Modifies labeling of Attribute N (see man page)
# -a Default: equivalent to -H -f -t -l error -l selftest -C 197 -U 198
# -F TYPE Use firmware bug workaround. Type is one of: none, samsung
# -P TYPE Drive-specific presets: use, ignore, show, showall
# # Comment: text after a hash sign is ignored
# \ Line continuation character
# Attribute ID is a decimal integer 1 <= ID <= 255
# except for -C and -U, where ID = 0 turns them off.
# All but -d, -m and -M Directives are only implemented for ATA devices
#
# If the test string DEVICESCAN is the first uncommented text
# then smartd will scan for devices.
# DEVICESCAN may be followed by any desired Directives.

View File

@ -1,4 +1,18 @@
---
- name: Enable weechat service
service:
name: weechat
enabled: yes
- name: Re-export exportfs
command: exportfs -arv
- name: Restart and enable smartd
service:
name: smartd
enabled: yes
state: restarted
- name: Restart chrony service
service:
name: chrony
@ -24,10 +38,3 @@
name: zfs-zed
state: restarted
- name: Enable weechat service
service:
name: weechat
enabled: yes
- name: Re-export exportfs
command: exportfs -arv

View File

@ -13,6 +13,7 @@
- apt-listchanges
- chrony
- curl
- dma
- git
- htop
- iperf3
@ -20,6 +21,7 @@
- nmap
- oidentd
- rsync
- smartmontools
- speedtest-cli
- tmux
- unattended-upgrades
@ -95,6 +97,26 @@
group: root
mode: '0644'
- name: Configure dma
copy:
src: files/dma.conf
dest: /etc/dma/dma.conf
owner: root
group: mail
mode: '0640'
- debug:
msg: 'Manually configure /etc/dma/auth.conf'
- name: Configure smartd
copy:
src: files/smartd.conf
dest: /etc/smartd.conf
owner: root
group: root
mode: '0644'
notify: Restart and enable smartd
### Router
##- hosts: router
## become: yes
@ -124,8 +146,10 @@
force_apt_get: yes
update_cache: yes
# Manually do wireguard config https://wiki.debian.org/Wireguard
# Manuall do beets config https://wiki.archlinux.org/index.php/Beets
- debug:
msg:
- Manually do wireguard config https://wiki.debian.org/Wireguard
- Manuall do beets config https://wiki.archlinux.org/index.php/Beets
# NFS core config
# ASSUMES /bigdata IS CONFIGURED (make sure dir is 755)
@ -134,26 +158,15 @@
handlers:
- import_tasks: handlers.yml
tasks:
- name: Install zfs-zed, postfix, nfs-kernel-server
- name: Install zfs-zed, dma, and nfs-kernel-server
apt:
name:
- dma
- nfs-kernel-server
- postfix
- zfs-zed
force_apt_get: yes
update_cache: yes
- name: Configure postfix
copy:
src: files/bigdummy-main.cf
dest: /etc/postfix/main.cf
owner: root
group: root
mode: '0644'
notify: Restart postfix
# Manually set postfix password
- name: Configure zfs-zed
copy:
src: files/zed.rc
@ -163,12 +176,20 @@
mode: '0644'
notify: Restart zfs-zed
- name: Install weekly bigdata scrub cron job
cron:
name: 'Scrub bigdata zfs pool'
special_time: weekly
job: 'zpool scrub bigdata'
user: root
- name: Install rclone
apt:
deb: https://github.com/rclone/rclone/releases/download/v1.49.2/rclone-v1.49.2-linux-amd64.deb
force_apt_get: yes
# Manually configure rclone remote drive
- debug:
msg: Manually configure rclone remote drive
- name: Export /bigdata
copy:
@ -234,4 +255,5 @@
groups: docker
append: yes
# Clone docker repo to start services
- debug:
msg: Clone docker repo to start services