chrissam.pmm-server

Panoramica Versioni Approfondimenti

Ansible Role: pmm-server

This role installs and sets up pmm-server on RHEL/CentOS or Debian/Ubuntu servers.

Requirements

Make sure Docker is installed on your server before running this role. Consider using existing Docker roles from Ansible Galaxy before executing this role. Remember, this role needs root access, so either run it in a playbook with global become: yes, or use the role in your playbook like this:

    - hosts: pmm-server
      roles:
        - role: chrissam.pmm-server
          become: yes

Security Features

You can secure PMM from unauthorized access with the following features:

  • HTTP Password Protection: Adds a login requirement to access the PMM Server web interface.

  • SSL Encryption: Protects data during communication between PMM Client and PMM Server.

Role Variables

Here are the available variables and their default values (check defaults/main.yml):

  • pmm_server_version: 1.0.7

This specifies the version of pmm-server to install. It’s best to use the latest stable version recommended by Percona.

  • pmm_server_ENABLE_PROTECTION: true

This decides if password protection is enabled. It helps keep PMM secure.

  • pmm_server_username: admin
  • pmm_server_password: admin

If ENABLE_PROTECTION is true, these variables set the login details.

  • pmm_server_ENABLE_SSL: true

Turns on SSL encryption for secure traffic between PMM Client and PMM Server.

  • pmm_server_default_cert: false

If ENABLE_SSL is true, this indicates whether to use a default self-signed certificate.

  • pmm_server_certificate_path: ""

If default_cert is false, this specifies where to put your custom certificate. Use "server.crt" and "server.key" as the certificate and key names. If this is left empty, it assumes the certificate is in the role's files directory. If you're using a custom path, remember to add a trailing slash (e.g., /path/to/file/) and don't include the file name.

  • pmm_server_UNINSTALL_PMM: false

Set this to true if you want to uninstall pmm-server. Other options won't be processed if this is true.

Configuration Options

Unprotected: 

    pmm_server_ENABLE_PROTECTION: false
    pmm_server_ENABLE_SSL: false

Only Password Protected:

    pmm_server_ENABLE_PROTECTION: true
    pmm_server_username: admin
    pmm_server_password: admin

Only SSL Encryption:

    pmm_server_ENABLE_SSL: true
    pmm_server_default_cert: true
    # or
    pmm_server_default_cert: false
    pmm_server_certificate_path: "/path/to/cert/"

Both Password Protection and SSL Encryption (Combined Security):

    pmm_server_ENABLE_PROTECTION: true
    pmm_server_username: admin
    pmm_server_password: admin
    pmm_server_ENABLE_SSL: true
    pmm_server_default_cert: true
    # or
    pmm_server_default_cert: false
    pmm_server_certificate_path: "/path/to/cert/"

Custom Options:

    pmm_server_env_custom:
      METRICS_RETENTION: 192h

Example Playbook

---
- hosts: localhost
  become: yes

  vars:
    pmm_server_version: 1.0.7
    pmm_server_certificate_path: "~/pmm-certs/"
  
  roles:
    - chrissam.pmm-server

License

MIT / BSD

Author

This role was created by Chris Sam for DevOpsIdeas

Informazioni sul progetto

PMM Server for RHEL/CentOS and Debian/Ubuntu

role database monitoring pmm
Installa
ansible-galaxy install chrissam.pmm-server
GitHub repository
3 stelle
6 fork
0 problemi aperti
Licenza
Unknown
Download
248
Proprietario
Chris Sam
Devops, AWS, Bit of bash, python and more