Rework some parts, changes for new Ansible versions

2019-11-13 20:49:59 +00:00 · 2019-11-13 20:49:59 +00:00 · 789f944881
parent ab8d92a139
commit 789f944881
11 changed files with 54 additions and 56 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -7,6 +7,9 @@ monitored_group: nagios
 monitored_homedir: /var/lib/nagios
 monitored_shell: /bin/bash

+monitored_sudo_file: /etc/sudoers.d/monitored
+monitored_sudo_commands: []
+
 monitored_packages_install: True
 monitored_packages_predepends: []
 monitored_packages_additional: []
@ -27,17 +30,17 @@ monitored_nrpe_command_prefix: null
 monitored_nrpe_command_timeout: 60
 monitored_nrpe_connection_timeout: 300

-monitored_nrpe_include_files: null
+monitored_nrpe_include_files: []
 monitored_nrpe_include_dirs:
  - nrpe.d/
  - nrpe.local.d/
+monitored_nrpe_include_owner: root

 monitored_nrpe_servicename: nrpe

-monitored_ssh_key_files:
-  - monitored.pub
+monitored_ssh_key_files: []
 monitored_ssh_key_wrapper: null
 monitored_ssh_key_wrapper_src: null
-monitored_ssh_key_wrapper_owner: "root"
+monitored_ssh_key_wrapper_owner: root
 monitored_ssh_key_wrapper_mode: "0750"

--- a/monitored.yml
+++ b/monitored.yml
@ -1,5 +1,10 @@
 ---
 - hosts: all
  roles:
-          - monitored
+
+          - role: epel
+            when: ansible_os_family == "RedHat" and ansible_distribution != "Fedora"
+
+          - role: monitored
+            when: monitored_dont|default(False) != True

--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -1,9 +1,9 @@
 ---
- fail: msg="This system should not be monitored"
-  when: monitored_dont is defined
-
- fail: msg="Neither monitored_by_(ssh|nrpe) is set"
-  when: monitored_by_nrpe == False and monitored_by_ssh == False
+- name: Sanity checks
+  assert:
+    that:
+      - monitored_dont|default(False) != True
+      - monitored_by_nrpe == True or monitored_by_nrpe_ng == True or monitored_by_ssh == True

 - name: Gather OS Specific Variables
  include_vars: "{{ item }}"
@ -17,7 +17,7 @@
  package:
    name: "{{ monitored_packages_predepends }}"
    state: latest
-  when: monitored_packages_predepends
+  when: monitored_packages_predepends|default(False)

 - name: "INCLUDE: Create monitoring user"
  import_tasks: user.yml
--- a/tasks/nrpe.yml
+++ b/tasks/nrpe.yml
@ -1,29 +1,29 @@
 ---
 - name: Install NRPE daemon
  package:
-    name: "{{ item }}"
+    name: "{{ monitored_packages_nrpe }}"
    state: latest
-  with_items: "{{ monitored_packages_nrpe }}"

 - name: Install daemon config
  template:
    src: nrpe.cfg.j2
    dest: "{{ monitored_nrpe_basedir }}/nrpe.cfg"
-    owner: "{{ monitored_user }}"
+    owner: "root"
    group: "{{ monitored_group }}"
    mode: 0640
-    backup: True
+    backup: yes

 - name: Create snippet config dirs
  file:
    path: "{{ monitored_nrpe_basedir }}/{{ item }}"
    state: directory
-    owner: "{{ monitored_user }}"
+    owner: "{{ monitored_nrpe_include_owner }}"
    group: "{{ monitored_group }}"
    mode: 0750
-  with_items: "{{ monitored_nrpe_include_dirs }}"
+  loop: "{{ monitored_nrpe_include_dirs }}"

-#- include: nrpe_migrate.yml
+- name: "INCLUDE: Migrate custom NRPE files"
+  include: nrpe_migrate.yml

 - name: Enable NRPE
  service:
@ -35,12 +35,9 @@
    name: "{{ monitored_nrpe_servicename }}"
    state: restarted

-
 - name: Instal additional packages for NRPE monitoring
  package:
-    name: "{{ item }}"
+    name: "{{ monitored_packages_additional_nrpe }}"
    state: latest
-  with_items: "{{ monitored_packages_additional_nrpe }}"
-  when: monitored_packages_additional_nrpe
-
+  when: monitored_packages_additional_nrpe|bool

--- a/tasks/nrpe_migrate.yml
+++ b/tasks/nrpe_migrate.yml
@ -0,0 +1,2 @@
+---
+
--- a/tasks/packages.yml
+++ b/tasks/packages.yml
@ -1,26 +1,20 @@
 ---
 - name: Install Monitoring-Plugins
  package:
-    name: "{{ item }}"
+    name: "{{ monitored_packages_mp }}"
    state: latest
  register: monitoringplugins
  ignore_errors: True
-  with_items: "{{ monitored_packages_mp }}"
-

 - name: Install Nagios-Plugins
  package:
-    name: "{{ item }}"
+    name: "{{ monitored_packages_np }}"
    state: latest
-  with_items: "{{ monitored_packages_np }}"
  when: monitoringplugins is failed

-
- name: Instal additional packages
+- name: Install additional packages
  package:
-    name: "{{ item }}"
+    name: "{{ monitored_packages_additional }}"
    state: latest
-  with_items: "{{ monitored_packages_additional }}"
-  when: monitored_packages_additional
-
+  when: monitored_packages_additional|bool

--- a/tasks/plugins_custom.yml
+++ b/tasks/plugins_custom.yml
@ -1,4 +1,12 @@
 ---
+- name: Create custom plugin directory
+  file:
+    path: "{{ monitored_plugins_custom_path }}"
+    state: directory
+    owner: root
+    group: "{{ monitored_group }}"
+    mode: 0750
+
 - name: Copy custom plugins
  copy:
    src: "plugins_custom/{{ item }}"
@ -6,6 +14,5 @@
    owner: root
    group: "{{ monitored_group }}"
    mode: 0750
-  with_items: "{{ monitored_plugins_custom }}"
-
+  loop: "{{ monitored_plugins_custom }}"

--- a/tasks/ssh.yml
+++ b/tasks/ssh.yml
@ -1,35 +1,25 @@
 ---
- name: Create dot-SSH directory for monitoring user
-  file:
-    path: "{{ monitored_homedir }}/.ssh/"
-    state: directory
-    owner: "{{ monitored_user }}"
-    group: "{{ monitored_group }}"
-    mode: 0700
-
 - name: Copy SSH authorized_keys for monitoring user
  authorized_key:
    user: "{{ monitored_user }}"
    key: "{{ lookup('file', item) }}"
-    key_options: 'no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-pty{% if monitored_ssh_key_wrapper %},command="{{ monitored_ssh_key_wrapper }}"{% endif %}'
-  with_items: "{{ monitored_ssh_key_files }}"
+    key_options: '{{ lookup("template", "ssh-key-options.j2") }}'
+    manage_dir: yes
+  loop: "{{ monitored_ssh_key_files }}"

 - name: Copy SSH wrapper
  copy:
    src: "{{ monitored_ssh_key_wrapper_src }}"
    dest: "{{ monitored_ssh_key_wrapper }}"
-    owner: "{{ monitored_ssh_key_wrapper_owner }}"
+    owner: "{{ monitored_ssh_key_wrapper_owner|default('root') }}"
    group: "{{ monitored_group }}"
    mode: "{{ monitored_ssh_key_wrapper_mode }}"
    backup: yes
-  when: monitored_ssh_key_wrapper_src|default(null)
-
+  when: monitored_ssh_key_wrapper_src|default(False) and monitored_ssh_key_wrapper|default(False)

 - name: Instal additional packages for SSH monitoring
  package:
-    name: "{{ item }}"
+    name: "{{ monitored_packages_additional_ss }}"
    state: latest
-  with_items: "{{ monitored_packages_additional_ssh }}"
-  when: monitored_packages_additional_ssh
-
+  when: monitored_packages_additional_ssh|bool

--- a/tasks/user.yml
+++ b/tasks/user.yml
@ -29,4 +29,3 @@
    backup: yes
  with_items: "{{ monitored_sudo_commands|default([]) }}"

-
--- a/templates/ssh-key-options.j2
+++ b/templates/ssh-key-options.j2
@ -0,0 +1 @@
+    key_options: 'no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-pty{% if monitored_ssh_key_wrapper %},command="{{ monitored_ssh_key_wrapper }}"{% endif %}'
--- a/vars/debian.yml
+++ b/vars/debian.yml
@ -1,8 +1,8 @@
 ---
 monitored_packages_mp:
-  - monitoring-plugins
+  - monitoring-plugins-basic
 monitored_packages_np:
-  - nagios-plugins
+  - nagios-plugins-basic

 monitored_packages_nrpe:
  - nagios-nrpe-server
				`@ -0,0 +1 @@`
				`key_options: 'no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-pty{% if monitored_ssh_key_wrapper %},command="{{ monitored_ssh_key_wrapper }}"{% endif %}'`