From 789f944881144ede11b6788097432cb45ebdb5f7 Mon Sep 17 00:00:00 2001 From: Sven Velt Date: Wed, 13 Nov 2019 20:49:59 +0000 Subject: [PATCH] Rework some parts, changes for new Ansible versions --- defaults/main.yml | 11 +++++++---- monitored.yml | 7 ++++++- tasks/main.yml | 12 ++++++------ tasks/nrpe.yml | 21 +++++++++------------ tasks/nrpe_migrate.yml | 2 ++ tasks/packages.yml | 16 +++++----------- tasks/plugins_custom.yml | 11 +++++++++-- tasks/ssh.yml | 24 +++++++----------------- tasks/user.yml | 1 - templates/ssh-key-options.j2 | 1 + vars/debian.yml | 4 ++-- 11 files changed, 54 insertions(+), 56 deletions(-) create mode 100644 tasks/nrpe_migrate.yml create mode 100644 templates/ssh-key-options.j2 diff --git a/defaults/main.yml b/defaults/main.yml index f27e065..0fb9eb4 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -7,6 +7,9 @@ monitored_group: nagios monitored_homedir: /var/lib/nagios monitored_shell: /bin/bash +monitored_sudo_file: /etc/sudoers.d/monitored +monitored_sudo_commands: [] + monitored_packages_install: True monitored_packages_predepends: [] monitored_packages_additional: [] @@ -27,17 +30,17 @@ monitored_nrpe_command_prefix: null monitored_nrpe_command_timeout: 60 monitored_nrpe_connection_timeout: 300 -monitored_nrpe_include_files: null +monitored_nrpe_include_files: [] monitored_nrpe_include_dirs: - nrpe.d/ - nrpe.local.d/ +monitored_nrpe_include_owner: root monitored_nrpe_servicename: nrpe -monitored_ssh_key_files: - - monitored.pub +monitored_ssh_key_files: [] monitored_ssh_key_wrapper: null monitored_ssh_key_wrapper_src: null -monitored_ssh_key_wrapper_owner: "root" +monitored_ssh_key_wrapper_owner: root monitored_ssh_key_wrapper_mode: "0750" diff --git a/monitored.yml b/monitored.yml index b42e268..e337308 100644 --- a/monitored.yml +++ b/monitored.yml 
@@ -1,5 +1,10 @@ --- - hosts: all roles: - - monitored + + - role: epel + when: ansible_os_family == "RedHat" and ansible_distribution != "Fedora" + + - role: monitored + when: monitored_dont|default(False) != True diff --git a/tasks/main.yml b/tasks/main.yml index f28a43c..9e1362d 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,9 +1,9 @@ --- -- fail: msg="This system should not be monitored" - when: monitored_dont is defined - -- fail: msg="Neither monitored_by_(ssh|nrpe) is set" - when: monitored_by_nrpe == False and monitored_by_ssh == False +- name: Sanity checks + assert: + that: + - monitored_dont|default(False) != True + - monitored_by_nrpe == True or monitored_by_nrpe_ng == True or monitored_by_ssh == True - name: Gather OS Specific Variables include_vars: "{{ item }}" @@ -17,7 +17,7 @@ package: name: "{{ monitored_packages_predepends }}" state: latest - when: monitored_packages_predepends + when: monitored_packages_predepends|default(False) - name: "INCLUDE: Create monitoring user" import_tasks: user.yml diff --git a/tasks/nrpe.yml b/tasks/nrpe.yml index c282a88..33b2089 100644 --- a/tasks/nrpe.yml +++ b/tasks/nrpe.yml 
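Review bot: The opt-out condition `when: monitored_dont|default(False) != True` on the `monitored` role only recognises a real boolean. A string such as `"true"` or `"yes"`, which is how values from an INI `:vars` section or `-e key=value` arrive, does not equal `True`, so the role would still create the monitoring user and install keys on a host marked as not to be monitored. The check removed from tasks/main.yml stopped on any defined value, so the new form fails open by comparison. Consider `when: not (monitored_dont | default(false) | bool)`, and the same expression in the new `assert` in tasks/main.yml.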
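Review bot: The `Sanity checks` assert in tasks/main.yml reads `monitored_by_nrpe_ng`, which this patch does not add to defaults/main.yml. Unless it is defined elsewhere in the role, a host with `monitored_by_nrpe` set to false would hit an undefined-variable error instead of a clean assertion failure; `monitored_by_nrpe_ng | default(false)` avoids that. The two removed `fail` tasks carried explanatory messages, so a `fail_msg:` on the assert would keep that hint for the operator.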
@@ -1,29 +1,29 @@ --- - name: Install NRPE daemon package: - name: "{{ item }}" + name: "{{ monitored_packages_nrpe }}" state: latest - with_items: "{{ monitored_packages_nrpe }}" - name: Install daemon config template: src: nrpe.cfg.j2 dest: "{{ monitored_nrpe_basedir }}/nrpe.cfg" - owner: "{{ monitored_user }}" + owner: "root" group: "{{ monitored_group }}" mode: 0640 - backup: True + backup: yes - name: Create snippet config dirs file: path: "{{ monitored_nrpe_basedir }}/{{ item }}" state: directory - owner: "{{ monitored_user }}" + owner: "{{ monitored_nrpe_include_owner }}" group: "{{ monitored_group }}" mode: 0750 - with_items: "{{ monitored_nrpe_include_dirs }}" + loop: "{{ monitored_nrpe_include_dirs }}" -#- include: nrpe_migrate.yml +- name: "INCLUDE: Migrate custom NRPE files" + include: nrpe_migrate.yml - name: Enable NRPE service: @@ -35,12 +35,9 @@ name: "{{ monitored_nrpe_servicename }}" state: restarted - - name: Instal additional packages for NRPE monitoring package: - name: "{{ item }}" + name: "{{ monitored_packages_additional_nrpe }}" state: latest - with_items: "{{ monitored_packages_additional_nrpe }}" - when: monitored_packages_additional_nrpe - + when: monitored_packages_additional_nrpe|bool diff --git a/tasks/nrpe_migrate.yml b/tasks/nrpe_migrate.yml new file mode 100644 index 0000000..cd21505 --- /dev/null +++ b/tasks/nrpe_migrate.yml @@ -0,0 +1,2 @@ +--- + diff --git a/tasks/packages.yml b/tasks/packages.yml index 4999875..63b3205 100644 --- a/tasks/packages.yml +++ b/tasks/packages.yml 
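Review bot: The re-enabled include in tasks/nrpe.yml uses the bare `include:` action, which is deprecated in the newer Ansible releases this commit says it targets, while tasks/main.yml already uses `import_tasks`. Write it as `import_tasks: nrpe_migrate.yml`, or `include_tasks:` if it has to be dynamic. The included file is added containing only `---`, so a comment there such as `# placeholder: migration tasks not implemented yet` would tell the next reader it is intentionally empty.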
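Review bot: `when: monitored_packages_additional_nrpe|bool` will, as far as I can tell, never be true for a package list. The `bool` filter maps booleans and strings like `yes`/`true`/`1`, and anything else, including a non-empty list, becomes false, so the additional packages are silently skipped. The variable was iterated with `with_items` before this change, so it is presumably a list; test its size instead, e.g. `when: monitored_packages_additional_nrpe | default([]) | length > 0`. The same condition appears in tasks/packages.yml (`monitored_packages_additional|bool`) and tasks/ssh.yml (`monitored_packages_additional_ssh|bool`).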
@@ -1,26 +1,20 @@ --- - name: Install Monitoring-Plugins package: - name: "{{ item }}" + name: "{{ monitored_packages_mp }}" state: latest register: monitoringplugins ignore_errors: True - with_items: "{{ monitored_packages_mp }}" - - name: Install Nagios-Plugins package: - name: "{{ item }}" + name: "{{ monitored_packages_np }}" state: latest - with_items: "{{ monitored_packages_np }}" when: monitoringplugins is failed - -- name: Instal additional packages +- name: Install additional packages package: - name: "{{ item }}" + name: "{{ monitored_packages_additional }}" state: latest - with_items: "{{ monitored_packages_additional }}" - when: monitored_packages_additional - + when: monitored_packages_additional|bool diff --git a/tasks/plugins_custom.yml b/tasks/plugins_custom.yml index 6130dc3..7eb37eb 100644 --- a/tasks/plugins_custom.yml +++ b/tasks/plugins_custom.yml @@ -1,4 +1,12 @@ --- +- name: Create custom plugin directory + file: + path: "{{ monitored_plugins_custom_path }}" + state: directory + owner: root + group: "{{ monitored_group }}" + mode: 0750 + - name: Copy custom plugins copy: src: "plugins_custom/{{ item }}" @@ -6,6 +14,5 @@ owner: root group: "{{ monitored_group }}" mode: 0750 - with_items: "{{ monitored_plugins_custom }}" - + loop: "{{ monitored_plugins_custom }}" diff --git a/tasks/ssh.yml b/tasks/ssh.yml index 66b7c41..e5d487e 100644 --- a/tasks/ssh.yml +++ b/tasks/ssh.yml 
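Review bot: The new `Create custom plugin directory` task in tasks/plugins_custom.yml writes the permission as a bare `mode: 0750`, which relies on the YAML loader reading the leading zero as octal. Quote it, `mode: "0750"`, as defaults/main.yml already does for `monitored_ssh_key_wrapper_mode`, so the directory holding executable plugins cannot end up with unintended permissions under a different parser. The `Copy custom plugins` task in the same file has the same unquoted mode on a context line.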
@@ -1,35 +1,25 @@ --- -- name: Create dot-SSH directory for monitoring user - file: - path: "{{ monitored_homedir }}/.ssh/" - state: directory - owner: "{{ monitored_user }}" - group: "{{ monitored_group }}" - mode: 0700 - - name: Copy SSH authorized_keys for monitoring user authorized_key: user: "{{ monitored_user }}" key: "{{ lookup('file', item) }}" - key_options: 'no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-pty{% if monitored_ssh_key_wrapper %},command="{{ monitored_ssh_key_wrapper }}"{% endif %}' - with_items: "{{ monitored_ssh_key_files }}" + key_options: '{{ lookup("template", "ssh-key-options.j2") }}' + manage_dir: yes + loop: "{{ monitored_ssh_key_files }}" - name: Copy SSH wrapper copy: src: "{{ monitored_ssh_key_wrapper_src }}" dest: "{{ monitored_ssh_key_wrapper }}" - owner: "{{ monitored_ssh_key_wrapper_owner }}" + owner: "{{ monitored_ssh_key_wrapper_owner|default('root') }}" group: "{{ monitored_group }}" mode: "{{ monitored_ssh_key_wrapper_mode }}" backup: yes - when: monitored_ssh_key_wrapper_src|default(null) - + when: monitored_ssh_key_wrapper_src|default(False) and monitored_ssh_key_wrapper|default(False) - name: Instal additional packages for SSH monitoring package: - name: "{{ item }}" + name: "{{ monitored_packages_additional_ss }}" state: latest - with_items: "{{ monitored_packages_additional_ssh }}" - when: monitored_packages_additional_ssh - + when: monitored_packages_additional_ssh|bool diff --git a/tasks/user.yml b/tasks/user.yml index 5b9af49..f0e0ec5 100644 --- a/tasks/user.yml +++ b/tasks/user.yml @@ -29,4 +29,3 @@ backup: yes with_items: "{{ monitored_sudo_commands|default([]) }}" - diff --git a/templates/ssh-key-options.j2 b/templates/ssh-key-options.j2 new file mode 100644 index 0000000..5d3ceba --- /dev/null +++ b/templates/ssh-key-options.j2 
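Review bot: The package task at the end of tasks/ssh.yml now installs `{{ monitored_packages_additional_ss }}` while its condition tests `monitored_packages_additional_ssh`. The name looks truncated and would raise an undefined-variable error as soon as the condition holds. It should read `name: "{{ monitored_packages_additional_ssh }}"`.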
@@ -0,0 +1 @@ + key_options: 'no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-pty{% if monitored_ssh_key_wrapper %},command="{{ monitored_ssh_key_wrapper }}"{% endif %}' diff --git a/vars/debian.yml b/vars/debian.yml index d23c869..bacae1b 100644 --- a/vars/debian.yml +++ b/vars/debian.yml @@ -1,8 +1,8 @@ --- monitored_packages_mp: - - monitoring-plugins + - monitoring-plugins-basic monitored_packages_np: - - nagios-plugins + - nagios-plugins-basic monitored_packages_nrpe: - nagios-nrpe-server
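Review bot: templates/ssh-key-options.j2 still carries the YAML wrapper from the task it was cut out of: its single line starts with `key_options: '` and ends with `'`. The lookup result is handed to `authorized_key` as the options string, so the written entry would begin with `key_options: '…` rather than the restriction list. sshd is unlikely to accept that as valid options, which would leave the monitoring key unusable. The file should contain only `no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-pty{% if monitored_ssh_key_wrapper %},command="{{ monitored_ssh_key_wrapper }}"{% endif %}`. After the fix, inspect the rendered authorized_keys on a test host to confirm the restrictions and the forced command are present.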