Add the new collectd plugin for IPA

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>

roles/collectd/server/files/collection.conf

@@ -901,4 +901,45 @@ GraphWidth 400
 </Type>
 
 
+#
+# IPA
+#
+<Type ipa_groups>
+  RRDTitle "Groups"
+  DSName "value Total  "
+</Type>
+
+<Type ipa_users_rate>
+  RRDTitle "Users registration rate"
+  DSName "value Rate  "
+  RRDFormat "%4.1lf%s/s"
+</Type>
+
+<Type ipa_users>
+  Module GenericStacked
+  RRDTitle "Users"
+  RRDFormat "%5.1lf%s"
+  DSName "active Active  "
+  DSName "locked Locked  "
+  Order locked active
+  Color locked ff0000
+  Color active 0000ff
+</Type>
+
+<Type ipa_staged_users>
+  Module GenericStacked
+  RRDTitle "Registering Users"
+  RRDFormat "%4.0lf"
+  DSName             "active Not Spam  "
+  DSName "spamcheck_awaiting Awaiting  "
+  DSName   "spamcheck_denied SPAM      "
+  DSName   "spamcheck_manual Manual    "
+  Order spamcheck_awaiting spamcheck_denied spamcheck_manual active
+  Color spamcheck_awaiting 0000ff
+  Color spamcheck_denied   ff0000
+  Color spamcheck_manual   ffb000
+  Color active             00ff00
+</Type>
+
+
 # vim: set sw=2 sts=2 et syntax=apache fileencoding=utf-8 :

roles/collectd/server/tasks/main.yml

@@ -21,6 +21,7 @@
   - collectd-rrdtool
   - collectd-web
   - collectd-rabbitmq-data
+  - collectd-ipa-data
   notify:
   - restart collectd
   tags:

roles/ipa/server/tasks/scripts.yml

@@ -70,3 +70,43 @@
   tags:
   - ipa/server
   - otp_script
+
+
+#
+# Collectd statistics plugin
+# Requires the stage-users service to have been defined (above) with the
+# corresponding permissions. That's why I'm keeping this block here and not as
+# a subrole of the collectd role.
+#
+- name: Install and setup collectd-ipa
+  block:
+  - name: install collectd-ipa
+    package:
+      state: present
+      name: python3-collectd-ipa
+    tags:
+    - packages
+    - collectd
+
+  - name: install collectd ipa config
+    template:
+      src: "ipa.collectd.conf.j2"
+      dest: "/etc/collectd.d/ipa.conf"
+      owner: root
+      group: root
+      mode: 0640
+    tags:
+    - collectd
+    - config
+    notify: restart collectd
+
+  - name: Let collectd talk to the RabbitMQ management interface
+    seboolean:
+      name: collectd_tcp_network_connect
+      state: yess
+      persistent: yes
+    tags:
+    - collectd
+  # Only collect stats on one server
+  run_once: yes
+  delegate_to: "ipa01{{ env_suffix }}.iad2.fedoraproject.org"

roles/ipa/server/templates/ipa.collectd.conf.j2

@@ -0,0 +1,42 @@
+# IPA plugin
+
+<LoadPlugin python>
+  Globals true
+</LoadPlugin>
+
+<Plugin python>
+  LogTraces true
+  Interactive false
+  Import "collectd_ipa"
+
+  <Module collectd_ipa>
+    ## Interval between two collections. The collectd default of 10 seconds is
+    ## way too short, this plugin sets the default to 1h (3600s). Adjust
+    ## depending on the number of users you have and how long it takes to
+    ## collect this data. Remember that if you change the interval, you'll have
+    ## to recreate your RRD files.
+    # Interval 3600
+
+    ## To accomodate clusters, all the metrics will be attached to a virtual
+    ## host named after your domain in IPA. The `domain_prefix` value allows you
+    ## to add a prefix to this domain.
+    # DomainPrefix "ipa."
+
+    ## Path to the IPA configuration file, where the domain will be read from.
+    # IpaConf "/etc/ipa/default.conf"
+
+    ## Path to the LDAP configuration file, where the default directory base DN
+    ## will be read from.
+    # LdapConf "/etc/openldap/ldap.conf"
+
+    ## Set environment variables for Kerberos authentication. The client keytab
+    ## should be linked to an account (user or service) that has the
+    ## permissions to read stage users. In IPA, this means that it must have a
+    ## role that has a privilege granting the "System: Read Stage Users"
+    ## permission.
+    SetEnv KRB5_CLIENT_KTNAME "/etc/krb5.stage-users_{{ ipa_server }}.keytab"
+
+    ## Directory where the Kerberos credential caches will be created.
+    # CredCacheDir "/var/lib/collectd"
+  </Module>
+</Plugin>