From 0f805168b6c3b6293378e75e061a8b6dbbf1f875 Mon Sep 17 00:00:00 2001
From: Wojciech Kozlowski
Date: Sun, 8 Oct 2023 00:15:34 +0200
Subject: [PATCH] Add netdata role
---
 system/extra/netdata/meta/argument_specs.yml | 19 ++
 system/extra/netdata/tasks/main.yml | 52 ++++++
 system/extra/netdata/templates/netdata.conf | 23 +++
 system/extra/netdata/templates/stream.conf | 181 +++++++++++++++++++
 4 files changed, 275 insertions(+)
 create mode 100644 system/extra/netdata/meta/argument_specs.yml
 create mode 100644 system/extra/netdata/tasks/main.yml
 create mode 100644 system/extra/netdata/templates/netdata.conf
 create mode 100644 system/extra/netdata/templates/stream.conf
diff --git a/system/extra/netdata/meta/argument_specs.yml b/system/extra/netdata/meta/argument_specs.yml
new file mode 100644
index 0000000..d76a0bc
--- /dev/null
+++ b/system/extra/netdata/meta/argument_specs.yml
@@ -0,0 +1,19 @@
+---
+argument_specs:
+ main:
+ options:
+ system_extra_netdata_inet_address:
+ type: "str"
+ required: true
+ system_extra_netdata_inet6_address:
+ type: "str"
+ required: true
+ system_extra_netdata_registry_enabled:
+ type: "bool"
+ required: true
+ system_extra_netdata_registry_url:
+ type: "str"
+ required: true
+ system_extra_netdata_stream_api_key:
+ type: "str"
+ required: true
diff --git a/system/extra/netdata/tasks/main.yml b/system/extra/netdata/tasks/main.yml
new file mode 100644
index 0000000..d594d8a
--- /dev/null
+++ b/system/extra/netdata/tasks/main.yml
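Review bot: The spec omits two variables that tasks/main.yml reads: `system_extra_netdata_registry_inet_address` and `system_extra_netdata_registry_inet6_address` (the two `/etc/hosts` lineinfile tasks), so argument validation passes and the role then fails on an undefined variable unless they are set elsewhere; if the intent was to reuse `system_extra_netdata_inet_address`/`_inet6_address`, then the task lines are the typo instead. Either add the two missing entries (`type: "str"`, `required: true`) here or fix the references in the tasks hunk. The options also carry no `description`; `system_extra_netdata_registry_enabled` in particular doubles as the child/parent switch in stream.conf, which a description such as `description: "Run this host as the netdata parent/registry; all other hosts stream to it"` would make visible to callers.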
@@ -0,0 +1,52 @@
+---
+- name: "install netdata"
+ ansible.builtin.apt:
+ name:
+ - "netdata"
+ - "uuid-runtime"
+ register: system_extra_netdata_install
+
+- name: "enable netdata"
+ ansible.builtin.systemd:
+ name: "netdata"
+ enabled: true
+
+- name: "resolve netdata registry via hosts file (inet)"
+ ansible.builtin.lineinfile:
+ path: "/etc/hosts"
+ line: "{{ system_extra_netdata_registry_inet_address }} {{ system_extra_netdata_registry_url }}"
+ insertafter: "EOF"
+
+- name: "resolve netdata registry via hosts file (inet6)"
+ ansible.builtin.lineinfile:
+ path: "/etc/hosts"
+ line: "{{ system_extra_netdata_registry_inet6_address }} {{ system_extra_netdata_registry_url }}"
+ insertafter: "EOF"
+
+- name: "configure netdata"
+ ansible.builtin.template:
+ src: "./netdata.conf"
+ dest: "/etc/netdata/netdata.conf"
+ register: system_extra_netdata_netdata_conf
+
+- name: "configure netdata stream"
+ ansible.builtin.template:
+ src: "./stream.conf"
+ dest: "/etc/netdata/stream.conf"
+ register: system_extra_netdata_stream_conf
+
+- name: "start netdata"
+ ansible.builtin.systemd:
+ name: "netdata"
+ state: "started"
+ register: system_extra_netdata_start
+
+- name: "restart netdata"
+ ansible.builtin.systemd:
+ name: "netdata"
+ state: "restarted"
+ when:
+ (system_extra_netdata_install.changed or
+ system_extra_netdata_netdata_conf.changed or
+ system_extra_netdata_stream_conf.changed) and
+ not system_extra_netdata_start.changed
diff --git a/system/extra/netdata/templates/netdata.conf b/system/extra/netdata/templates/netdata.conf
new file mode 100644
index 0000000..e275071
--- /dev/null
+++ b/system/extra/netdata/templates/netdata.conf
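Review bot: The `configure netdata stream` task renders `system_extra_netdata_stream_api_key` into `/etc/netdata/stream.conf` without `owner`, `group` or `mode`, so the file takes the default umask-derived permissions and the streaming key is readable by any local account; add `owner: "root"`, `group: "netdata"` and `mode: "0640"` to that task (netdata.conf sets `run as user = netdata`, so the daemon presumably reads it as that user — confirm the group name on the target). The two `/etc/hosts` tasks use `insertafter: "EOF"` with no `regexp`, so when an address changes a second line for the same hostname is appended rather than the old one replaced; a `regexp` that matches one address family and the hostname, e.g. `regexp: '^[0-9.]+\s+{{ system_extra_netdata_registry_url }}$'` for the inet task and `'^[0-9a-fA-F:]+\s+{{ system_extra_netdata_registry_url }}$'` for the inet6 task, keeps a single entry per family. The same tasks reference `system_extra_netdata_registry_inet_address` and `_inet6_address`, which the argument spec in this commit does not declare.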
@@ -0,0 +1,23 @@
+# NetData Configuration
+
+# The current full configuration can be retrieved from the running
+# server at the URL
+#
+# http://localhost:19999/netdata.conf
+#
+# for example:
+#
+# wget -O /etc/netdata/netdata.conf http://localhost:19999/netdata.conf
+#
+
+[global]
+ run as user = netdata
+ web files owner = root
+ web files group = root
+ # Netdata is not designed to be exposed to potentially hostile
+ # networks. See https://github.com/netdata/netdata/issues/164
+ bind socket to IP = {{ system_extra_netdata_inet_address }} {{ system_extra_netdata_inet6_address }}
+
+[registry]
+ enabled = {{ 'yes' if system_extra_netdata_registry_enabled else 'no' }}
+ registry to announce = {{ system_extra_netdata_registry_url }}:19999
diff --git a/system/extra/netdata/templates/stream.conf b/system/extra/netdata/templates/stream.conf
new file mode 100644
index 0000000..3dcf8b2
--- /dev/null
+++ b/system/extra/netdata/templates/stream.conf
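Review bot: `bind socket to IP` under `[global]` is, as far as I recall, the legacy spelling that later netdata releases replaced with `bind to` in the `[web]` section; if the packaged version on the targets still honours the old key this works, but it is worth confirming against the running agent (the header comment already points at `http://localhost:19999/netdata.conf`) and recording the version assumption in a comment next to the line. `registry to announce` is rendered as a bare `host:19999`, whereas the netdata documentation I know shows it as a full URL with a scheme; since `system_extra_netdata_registry_url` is also written into `/etc/hosts` as a plain hostname, check that the rendered value actually works for the browser-side registry calls. The comment citing issue 164 says netdata must not face hostile networks, yet the template sets no `[web] allow connections from`, so the bound addresses are the only gate on the API port; a comment stating that access control is deliberately left to the network (or a templated allow-list) would make that intent explicit.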
@@ -0,0 +1,181 @@
+# netdata configuration for aggregating data from remote hosts
+#
+# API keys authorize a pair of sending-receiving netdata servers.
+# Once their communication is authorized, they can exchange metrics for any
+# number of hosts.
+#
+# You can generate API keys, with the linux command: uuidgen
+{% if not system_extra_netdata_registry_enabled %}
+
+# -----------------------------------------------------------------------------
+# 1. ON CHILD NETDATA - THE ONE THAT WILL BE SENDING METRICS
+
+[stream]
+ # Enable this on child nodes, to have them send metrics.
+ enabled = yes
+
+ # Where is the receiving netdata?
+ # A space separated list of:
+ #
+ # [PROTOCOL:]HOST[%INTERFACE][:PORT][:SSL]
+ #
+ # If many are given, the first available will get the metrics.
+ #
+ # PROTOCOL = tcp, udp, or unix (only tcp and unix are supported by parent nodes)
+ # HOST = an IPv4, IPv6 IP, or a hostname, or a unix domain socket path.
+ # IPv6 IPs should be given with brackets [ip:address]
+ # INTERFACE = the network interface to use (only for IPv6)
+ # PORT = the port number or service name (/etc/services)
+ # SSL = when this word appear at the end of the destination string
+ # the Netdata will encrypt the connection with the parent.
+ #
+ # This communication is not HTTP (it cannot be proxied by web proxies).
+ destination = tcp:{{ system_extra_netdata_registry_url }}:19999
+
+ # Skip Certificate verification?
+ # The netdata child is configurated to avoid invalid SSL/TLS certificate,
+ # so certificates that are self-signed or expired will stop the streaming.
+ # Case the server certificate is not valid, you can enable the use of
+ # 'bad' certificates setting the next option as 'yes'.
+ #ssl skip certificate verification = yes
+
+ # Certificate Authority Path
+ # OpenSSL has a default directory where the known certificates are stored.
+ # In case it is necessary, it is possible to change this rule using the variable
+ # "CApath", e.g. 
CApath = /etc/ssl/certs/
+ #
+ #CApath =
+
+ # Certificate Authority file
+ # When the Netdata parent has a certificate that is not recognized as valid,
+ # we can add it to the list of known certificates in "CApath" and give it to
+ # Netdata as an argument, e.g. CAfile = /etc/ssl/certs/cert.pem
+ #
+ #CAfile =
+
+ # The API_KEY to use (as the sender)
+ api key = {{ system_extra_netdata_stream_api_key }}
+
+ # Stream Compression
+ # The default is enabled
+ # You can control stream compression in this agent with options: yes | no
+ #enable compression = yes
+
+ # The timeout to connect and send metrics
+ timeout seconds = 60
+
+ # If the destination line above does not specify a port, use this
+ default port = 19999
+
+ # filter the charts to be streamed
+ # netdata SIMPLE PATTERN:
+ # - space separated list of patterns (use \ to include spaces in patterns)
+ # - use * as wildcard, any number of times within each pattern
+ # - prefix a pattern with ! for a negative match (ie not stream the charts it matches)
+ # - the order of patterns is important (left to right)
+ # To send all except a few, use: !this !that * (ie append a wildcard pattern)
+ send charts matching = *
+
+ # The buffer to use for sending metrics.
+ # 10MB is good for 60 seconds of data, so increase this if you expect latencies.
+ # The buffer is flushed on reconnects (this will not prevent gaps at the charts).
+ buffer size bytes = 10485760
+
+ # If the connection fails, or it disconnects,
+ # retry after that many seconds.
+ reconnect delay seconds = 5
+
+ # Sync the clock of the charts for that many iterations, when starting.
+ # It is ignored when replication is enabled
+ initial clock resync iterations = 60
+{% endif %}
+{% if system_extra_netdata_registry_enabled %}
+
+# -----------------------------------------------------------------------------
+# 2. 
ON PARENT NETDATA - THE ONE THAT WILL BE RECEIVING METRICS
+
+# You can have one API key per child,
+# or the same API key for all child nodes.
+#
+# netdata searches for options in this order:
+#
+# a) parent netdata settings (netdata.conf)
+# b) [stream] section (above)
+# c) [API_KEY] section (below, settings for the API key)
+# d) [MACHINE_GUID] section (below, settings for each machine)
+#
+# You can combine the above (the more specific setting will be used).
+
+# API key authentication
+# If the key is not listed here, it will not be able to push metrics.
+
+# [API_KEY] is [YOUR-API-KEY], i.e [11111111-2222-3333-4444-555555555555]
+[{{ system_extra_netdata_stream_api_key }}]
+ # Default settings for this API key
+
+ # This GUID is to be used as an API key from remote agents connecting
+ # to this machine. Failure to match such a key, denies access.
+ # YOU MUST SET THIS FIELD ON ALL API KEYS.
+ type = api
+
+ # You can disable the API key, by setting this to: no
+ # The default (for unknown API keys) is: no
+ enabled = yes
+
+ # A list of simple patterns matching the IPs of the servers that
+ # will be pushing metrics using this API key.
+ # The metrics are received via the API port, so the same IPs
+ # should also be matched at netdata.conf [web].allow connections from
+ allow from = *
+
+ # The default history in entries, for all hosts using this API key.
+ # You can also set it per host below.
+ # For the default db mode (dbengine), this is ignored.
+ #default history = 3600
+
+ # The default memory mode to be used for all hosts using this API key.
+ # You can also set it per host below.
+ # If you don't set it here, the memory mode of netdata.conf will be used. 
+ # Valid modes:
+ # save save on exit, load on start
+ # map like swap (continuously syncing to disks - you need SSD)
+ # ram keep it in RAM, don't touch the disk
+ # none no database at all (use this on headless proxies)
+ # dbengine like a traditional database
+ #default memory mode = dbengine
+
+ # Shall we enable health monitoring for the hosts using this API key?
+ # 3 possible values:
+ # yes enable alarms
+ # no do not enable alarms
+ # auto enable alarms, only when the sending netdata is connected. For ephemeral child nodes or child system restarts,
+ # ensure that the netdata process on the child is gracefully stopped, to prevent invalid last_collected alarms
+ # You can also set it per host, below.
+ # The default is taken from [health].enabled of netdata.conf
+ #health enabled by default = auto
+
+ # postpone alarms for a short period after the sender is connected
+ default postpone alarms on connect seconds = 60
+
+ # need to route metrics differently? set these.
+ # the defaults are the ones at the [stream] section (above)
+ #default proxy enabled = yes | no
+ #default proxy destination = IP:PORT IP:PORT ...
+ #default proxy api key = API_KEY
+ #default proxy send charts matching = *
+
+ # Stream Compression
+ # By default it is enabled.
+ # You can control stream compression in this parent agent stream with options: yes | no
+ #enable compression = yes
+
+ # Replication
+ # Enable replication for all hosts using this api key. Default: enabled
+ #enable replication = yes
+
+ # How many seconds to replicate from each child. Default: a day
+ #seconds to replicate = 86400
+
+ # The duration we want to replicate per each step.
+ #replication_step = 600
+{% endif %}
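Review bot: On the parent, `allow from = *` under the `[{{ system_extra_netdata_stream_api_key }}]` section accepts a stream from any address that presents the key, and on the child `destination = tcp:{{ system_extra_netdata_registry_url }}:19999` has no `:SSL` suffix, so the key and every metric travel in cleartext and the shared key is the only control; unless child and parent sit on a trusted network, which the role cannot tell, append `:SSL` to the destination (with the matching certificate setup on the parent) and narrow `allow from` to the children's addresses, e.g. via a list variable declared in the argument spec. The two halves of the file are gated by `{% if not … %} … {% endif %}` followed by `{% if … %} … {% endif %}`; a single `{% if … %} … {% else %} … {% endif %}` would read as the child/parent switch it is, and a leading `{# registry_enabled selects the parent role; every other host streams to it #}` would document that choice. The header comment still says keys can be generated with `uuidgen` (and tasks/main.yml installs `uuid-runtime`), yet nothing in the role generates one — the key must be supplied by the caller, which that comment should state. The enclosing `{% if %}` block for the parent section starts in the previous chunk of this hunk.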