Ansible-Kurs/2024-09
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Kapitel 09: monitored

Browse source
This commit is contained in:
Sven Velt 2024-09-18 14:30:25 +02:00
parent 83ebe7833b
commit cb34c9503f
10 changed files with 175 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
.gitmodules vendored
View file

@ -14,3 +14,9 @@
path = roles.extern/dokuwiki_inventory.devel
url = https://git.velt.biz/Ansible/dokuwiki_inventory.git
branch = devel
[submodule "roles.extern/monitored"]
path = roles.extern/monitored
url = https://git.velt.biz/Ansible/monitored.git
[submodule "09/ssh-wrapper-for-monitoring"]
path = 09/ssh-wrapper-for-monitoring
url = https://git.velt.biz/Monitoring/ssh-wrapper-for-monitoring.git

9
09/get_distri_os.j2 Normal file
View file

@ -0,0 +1,9 @@
{{ "%-20s" % "Hostname" }} - {{ "%-20s" % "Distribution" }} - {{ "%-15s" % "OS family" }} - {{ "%-10s" % "MajorVer" }} - {{ "%-10s" % "Version" }}
{% for h in hostvars %}
{{ "%-20s" % h }} - {{ "%-20s" % hostvars[h]['ansible_distribution']
}} - {{ "%-15s" % hostvars[h]['ansible_os_family']
}} - {{ "%-10s" % hostvars[h]['ansible_distribution_major_version']
}} - {{ "%-10s" % hostvars[h]['ansible_distribution_version']
}}
{% endfor %}

37
09/get_distri_os.txt Normal file
View file

@ -0,0 +1,37 @@
Hostname - Distribution - OS family - MajorVer - Version
tn00-alma8 - AlmaLinux - RedHat - 8 - 8.10
tn00-alma9 - AlmaLinux - RedHat - 9 - 9.4
tn00-alpine3h - Alpine - Alpine - 3 - 3.17.9
tn00-alpine3i - Alpine - Alpine - 3 - 3.18.9
tn00-alpine3j - Alpine - Alpine - 3 - 3.19.4
tn00-alpine3k - Alpine - Alpine - 3 - 3.20.3
tn00-arch - Archlinux - Archlinux - NA - NA
tn00-centos9s - CentOS - RedHat - 9 - 9
tn00-debian10 - Debian - Debian - 10 - 10.13
tn00-debian11 - Debian - Debian - 11 - 11.11
tn00-debian12 - Debian - Debian - 12 - 12.7
tn00-debian13 - Debian - Debian - n/a - n/a
tn00-devuan10 - Devuan - Debian - 3 - 3
tn00-devuan11 - Devuan - Debian - 4 - 4
tn00-devuan12 - Devuan - Debian - 5 - 5
tn00-fedora39 - Fedora - RedHat - 39 - 39
tn00-fedora40 - Fedora - RedHat - 40 - 40
tn00-oracle7 - OracleLinux - RedHat - 7 - 7.9
tn00-oracle8 - OracleLinux - RedHat - 8 - 8.10
tn00-oracle9 - OracleLinux - RedHat - 9 - 9.4
tn00-rocky8 - Rocky - RedHat - 8 - 8.10
tn00-rocky9 - Rocky - RedHat - 9 - 9.4
tn00-suse-t - openSUSE Tumbleweed - Suse - 20240916 - 20240916
tn00-suse155 - openSUSE Leap - Suse - 15 - 15.5
tn00-suse156 - openSUSE Leap - Suse - 15 - 15.6
tn00-ubu1604 - Ubuntu - Debian - 16 - 16.04
tn00-ubu1804 - Ubuntu - Debian - 18 - 18.04
tn00-ubu2004a - Ubuntu - Debian - 20 - 20.04
tn00-ubu2004b - Ubuntu - Debian - 20 - 20.04
tn00-ubu2004c - Ubuntu - Debian - 20 - 20.04
tn00-ubu2004d - Ubuntu - Debian - 20 - 20.04
tn00-ubu2204 - Ubuntu - Debian - 22 - 22.04
tn00-ubu2310 - Ubuntu - Debian - 23 - 23.10
tn00-ubu2404 - Ubuntu - Debian - 24 - 24.04
tn00-void - Void - Void - rolling - rolling

10
09/get_distri_os.yml Normal file
View file

@ -0,0 +1,10 @@
---
- hosts: all
tasks:
- template:
src: get_distri_os.j2
dest: get_distri_os.txt
delegate_to: localhost
run_once: yes

1
09/kurs_ansible_monitored.pub Normal file
View file

@ -0,0 +1 @@
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBILuL4SgXrfi40nguCVDrnDeft/bRDDEjigN6ZgaxvAyAdyEo17F1TCkDrx6t/p0vp2b0adWSe/XRLRbEgSe6KA= svelt@pixy

1
09/monitored.yml Symbolic link
View file

@ -0,0 +1 @@
../roles.extern/monitored/monitored.yml

1
09/ssh-wrapper-for-monitoring Submodule

@ -0,0 +1 @@
Subproject commit baa916df811870506a7196c1de339ccbb0d14624

93
09/ssh-wrapper.py Executable file
View file

@ -0,0 +1,93 @@
#!/bin/sh
'''':
for pyint in /usr/libexec/platform-python python3 python python2; do
command -v $pyint >/dev/null 2>&1 && exec $pyint "$0" "$@"
done
echo "$0: No python could be found" >&2
exit 1
# '''
import argparse
import os
import re
import shlex
import subprocess
import sys
import syslog
parser = argparse.ArgumentParser()
parser.add_argument('--verbose', '-v', action='count', default=0)
parser.add_argument('--silent', action='store_true', default=False)
args = parser.parse_args()
if args.silent:
args.verbose = -1
if args.verbose >= 0:
syslog.openlog(
ident=sys.argv[0],
logoption=syslog.LOG_PID,
facility=syslog.LOG_LOCAL3 | syslog.LOG_ERR
)
allowed = [
##### System informations
r'^/usr/bin/lsb_release\s+-d$', # Linux
r'^/(usr/)?bin/uname\s+-mrs$', # Linux, BSD & others
r'''^/(usr/)?s?bin/awk -F'"' (-e\s*)?'/PRETTY_NAME/{ print \$2; }' /etc/os-release''', # Linux: /etc/os-release via awk for get_os.py
##### Complete command lines (Monitoring-Plugins on Debian)
r'^/usr/lib/nagios/plugins/check_disk -w \d+% -c \d+% -p /[/a-z]*$',
r'^/usr/lib/nagios/plugins/check_load -w \d+(,\d+,\d+)? -c \d+(,\d+,\d+)?$',
r'^/usr/lib/nagios/plugins/check_mysql -u [a-z]+ -p [0-9a-zA-Z]+',
r'^/usr/lib/nagios/plugins/check_mysql_health --user(name)?=[a-z]+ --pass(word)?=[0-9a-zA-Z]+ --mode=[a-z-]+$',
##### Simplified/combined (and a little bit less secure)
### most Linux distributions (with "sudo" and "doas")
r'^/usr/lib(64)?/(nagios/plugins|monitoring-plugins)/check_',
r'^sudo\s+/usr/lib(64)?/(nagios/plugins|monitoring-plugins)/check_',
r'^doas\s+/usr/lib(64)?/(nagios/plugins|monitoring-plugins)/check_',
### *BSD (with "sudo" and "doas")
# r'^/usr/local/libexec/nagios/check_',
# r'^sudo\s+/usr/local/libexec/nagios/check_',
# r'^doas\s+/usr/local/libexec/nagios/check_',
]
cmdline = os.getenv('SSH_ORIGINAL_COMMAND')
if not cmdline:
print('This is just a wrapper, no command specified!')
if args.verbose >= 0:
syslog.syslog('Called without SSH_ORIGINAL_COMMAND')
sys.exit(3)
for maybe in allowed:
if re.match(maybe, cmdline):
if args.verbose >= 2:
syslog.syslog(syslog.LOG_INFO, 'Found command line >%s< with regexp >%s<' % ( cmdline, maybe ) )
cmdlinelist = shlex.split(cmdline)
try:
cmd = subprocess.Popen(cmdlinelist, stdout=subprocess.PIPE)
except Exception as exc:
print('Could not execute plugin: %s' % exc)
if args.verbose >= 0:
syslog.syslog('Could not execute plugin >%s<' % cmdline)
sys.exit(3)
else:
(out, outerr) = cmd.communicate()
out = out.rstrip().decode('utf-8')
outerr = (outerr or b'').rstrip().decode('utf-8')
print(out)
if args.verbose >= 1:
syslog.syslog('Executed command line >%s<' % cmdline)
if args.verbose >= 3:
syslog.syslog('Output >%s<, Error >%s<' % (out, outerr))
sys.exit(cmd.returncode)
print('%s: No allowed command found!' % sys.argv[0])
if args.verbose >= 0:
syslog.syslog('No allowed command found for >%s<' % cmdline)
sys.exit(3)

16
group_vars/all/monitored.yml Normal file
View file

@ -0,0 +1,16 @@
---
monitored_by_nrpe: True
monitored_by_ssh: True
monitored_server_ips:
- 192.168.1.1
- 10.128.16.8
- 10.128.17.13
- 192.168.54.250
monitored_ssh_key_files:
- kurs_ansible_monitored.pub
monitored_ssh_key_wrapper_src: ssh-wrapper.py
monitored_ssh_key_wrapper: /usr/local/bin/ssh-wrapper.py

1
roles.extern/monitored Submodule

@ -0,0 +1 @@
Subproject commit 20cb12a66a90beecd7316cb56fcea29984c2bf0c