From 0193e1f767ff69589ceccd143e8a274b7eb06ba8 Mon Sep 17 00:00:00 2001 From: ebner Date: Mon, 20 Nov 2023 10:36:58 +0100 Subject: [PATCH] added telegraf and sudo howto --- _toc.yml | 2 + admin-guide/configuration.md | 4 ++ admin-guide/configuration/metrics_telegraf.md | 55 +++++++++++++++++++ admin-guide/configuration/sudo.md | 11 ++++ 4 files changed, 72 insertions(+) create mode 100644 admin-guide/configuration/metrics_telegraf.md create mode 100644 admin-guide/configuration/sudo.md diff --git a/_toc.yml b/_toc.yml index c7b0417d..6336e0c5 100644 --- a/_toc.yml +++ b/_toc.yml @@ -47,6 +47,8 @@ chapters: - file: admin-guide/configuration/custom_nameservers - file: admin-guide/configuration/puppet_agent - file: admin-guide/configuration/central_logging_elastic + - file: admin-guide/configuration/metrics_telegraf + - file: admin-guide/configuration/sudo - file: admin-guide/configuration/keyboard_layout - file: admin-guide/configuration/autologin - file: admin-guide/configuration/screen_lock diff --git a/admin-guide/configuration.md b/admin-guide/configuration.md index 98c36749..c0f9f060 100644 --- a/admin-guide/configuration.md +++ b/admin-guide/configuration.md @@ -18,6 +18,7 @@ Here starts a so far small collections of configuration guides for sysadmins of - [Resize System Volumes (volume group `vg_root`)](configuration/vgroot) - [Custom Nameservers](configuration/custom_nameservers) - [Puppent Agent run frequency](configuration/puppet_agent) +- [Custom sudo Rules](configuration/sudo) ## Desktop - [Keyboard Layout](configuration/keyboard_layout) 
@@ -29,6 +30,9 @@ Here starts a so far small collections of configuration guides for sysadmins of ## Logging - [Setup Central Logging to Elastic](configuration/central_logging_elastic) +## Metrics +- [Metrics Collection - Configuration Telegraf](configuration/metrics_telegraf) + ## Special Installations - [SSH Host Hopping as Root (e.g. between cluster members)](configuration/ssh_host_hopping) - [Install Citrix VDA](configuration/citrix_vda) diff --git a/admin-guide/configuration/metrics_telegraf.md b/admin-guide/configuration/metrics_telegraf.md new file mode 100644 index 00000000..2d5206b3 --- /dev/null +++ b/admin-guide/configuration/metrics_telegraf.md 
@@ -0,0 +1,55 @@ +# Metric Collections - Configuration Telegraf + +There is a central metrics server at PSI that is accessible via https://metrics.psi.ch. All standard Linux system will be able to send metrics to this server when telegraf metrics collection is enabled via hiera. + +Following statement will enable the metrics collection: +```yaml +base::enable_telegraf: true +``` + +By default a number of metrics are collected, including cpu, disk usage, diskio, etc. +A detailed list with the defaults can be found in [common.yaml](https://git.psi.ch/linux-infra/puppet/-/blob/preprod/data/common.yaml#L855) of the puppet repository. + +Custom metrics can also be added. (documentation to be done - please contact the Linux Core group if you need this). + +Depending on the location of the system hiera/puppet will configure the system to either send the data directly (PSI intranet) or via reverse proxy (DMZ, Extranet, tier3) to the central metrics server. + +If you run your own metric server or you want to explicitly overwrite where data is send to you can do this as follows: + +```yaml +telegraf::agent: + url: http://your-metric-server.psi.ch +``` + +If you want to tweak the configuration on how metrics are collected, you can do this as well like this (following are the defaults - only specify the keys you would like to overwrite): + +```yaml +telegraf::agent: + interval: '1m' + collection_jitter: '0s' + flush_interval: '1m' + flush_jitter: '10s' + metric_buffer_limit: 10000 +``` + + +By default puppet will purge and recreate (if needed) all config files in `/etc/telegraf/telegraf.d`. 
If you want to deploy your own metrics collection scripts outside of puppet/hiera you can disable the purging via: + +```yaml +telegraf::config::purge: false +``` + + +You can also configure your own metric to be collected via hiera as follows: +```yaml +telegraf::metrics: + 'your_metric': + plugin: 'exec' + timeout: '30s' + interval: '1m' + data_format: 'influx' + commands: ['sudo /your/script/location/script.sh'] + enable: true +``` +This will only work if you have deployed the necessary script (in the example `/your/script/location/script.sh`) and the necessary sudo rule(s) beforehand. For this you might wanna use techniques described in [Distribute Files](distribute_files) and/or [Custom sudo Rules](sudo). + diff --git a/admin-guide/configuration/sudo.md b/admin-guide/configuration/sudo.md new file mode 100644 index 00000000..49dc35c5 --- /dev/null +++ b/admin-guide/configuration/sudo.md @@ -0,0 +1,11 @@ +# Custom sudo Rules + +Custom sudo rules can be specify in hiera as follows: + +```yaml +aaa::sudo_rules: + - 'Defaults:telegraf !requiretty, !syslog' + - 'telegraf ALL=(root) NOPASSWD: /usr/lib/telegraf/scripts/nxserver_report.sh' +``` + +Beside that, if `aaa::allow_sudoers_d` is set to `true` (which is the default), you might also simply deploy a file to /etc/sudoers.d e.g. via a technique described in [Distribute Files](distribute_files).
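
Review bot: In the second admin-guide/configuration.md hunk, the new link text is "Metrics Collection - Configuration Telegraf", while the page it points to is titled "# Metric Collections - Configuration Telegraf" in metrics_telegraf.md. Pick one wording and use it in both places so the index entry and the page heading match.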
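
Review bot: In admin-guide/configuration/metrics_telegraf.md, the `telegraf::metrics` example runs `commands: ['sudo /your/script/location/script.sh']`, but the closing paragraph only asks that the script and sudo rule exist beforehand and says nothing about who may write to the script. Since the matching rule in sudo.md is `(root) NOPASSWD`, the page should state that the script and its parent directories must be owned by root and not writable by the telegraf user. Two smaller points in the same hunk: the override example uses `url: http://your-metric-server.psi.ch` although the central server is given as https, so the example should use https or say when plain http is acceptable; and the sentence "Custom metrics can also be added. (documentation to be done ...)" is contradicted by the "You can also configure your own metric" section further down, so one of the two should go.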
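
Review bot: In admin-guide/configuration/sudo.md, the example `Defaults:telegraf !requiretty, !syslog` is presented as a generic template without explaining its options, and `!syslog` turns off sudo's syslog logging for the telegraf user. Please add a sentence on why each option is set (presumably to keep the periodic exec calls out of the logs) so readers do not copy `!syslog` into rules for other accounts where the audit trail is wanted. The intro sentence "can be specify" should read "can be specified", and the /etc/sudoers.d paragraph would benefit from naming the expected file owner and mode and recommending a syntax check with `visudo -c` before deployment.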