Rework some parts, changes for new Ansible versions

This commit is contained in:
Sven Velt 2019-11-13 20:49:59 +00:00
parent ab8d92a139
commit 789f944881
11 changed files with 54 additions and 56 deletions

View file

@ -7,6 +7,9 @@ monitored_group: nagios
monitored_homedir: /var/lib/nagios monitored_homedir: /var/lib/nagios
monitored_shell: /bin/bash monitored_shell: /bin/bash
monitored_sudo_file: /etc/sudoers.d/monitored
monitored_sudo_commands: []
monitored_packages_install: True monitored_packages_install: True
monitored_packages_predepends: [] monitored_packages_predepends: []
monitored_packages_additional: [] monitored_packages_additional: []
@ -27,17 +30,17 @@ monitored_nrpe_command_prefix: null
monitored_nrpe_command_timeout: 60 monitored_nrpe_command_timeout: 60
monitored_nrpe_connection_timeout: 300 monitored_nrpe_connection_timeout: 300
monitored_nrpe_include_files: null monitored_nrpe_include_files: []
monitored_nrpe_include_dirs: monitored_nrpe_include_dirs:
- nrpe.d/ - nrpe.d/
- nrpe.local.d/ - nrpe.local.d/
monitored_nrpe_include_owner: root
monitored_nrpe_servicename: nrpe monitored_nrpe_servicename: nrpe
monitored_ssh_key_files: monitored_ssh_key_files: []
- monitored.pub
monitored_ssh_key_wrapper: null monitored_ssh_key_wrapper: null
monitored_ssh_key_wrapper_src: null monitored_ssh_key_wrapper_src: null
monitored_ssh_key_wrapper_owner: "root" monitored_ssh_key_wrapper_owner: root
monitored_ssh_key_wrapper_mode: "0750" monitored_ssh_key_wrapper_mode: "0750"

View file

@ -1,5 +1,10 @@
--- ---
- hosts: all - hosts: all
roles: roles:
- monitored
- role: epel
when: ansible_os_family == "RedHat" and ansible_distribution != "Fedora"
- role: monitored
when: monitored_dont|default(False) != True

View file

@ -1,9 +1,9 @@
--- ---
- fail: msg="This system should not be monitored" - name: Sanity checks
when: monitored_dont is defined assert:
that:
- fail: msg="Neither monitored_by_(ssh|nrpe) is set" - monitored_dont|default(False) != True
when: monitored_by_nrpe == False and monitored_by_ssh == False - monitored_by_nrpe == True or monitored_by_nrpe_ng == True or monitored_by_ssh == True
- name: Gather OS Specific Variables - name: Gather OS Specific Variables
include_vars: "{{ item }}" include_vars: "{{ item }}"
@ -17,7 +17,7 @@
package: package:
name: "{{ monitored_packages_predepends }}" name: "{{ monitored_packages_predepends }}"
state: latest state: latest
when: monitored_packages_predepends when: monitored_packages_predepends|default(False)
- name: "INCLUDE: Create monitoring user" - name: "INCLUDE: Create monitoring user"
import_tasks: user.yml import_tasks: user.yml

View file

@ -1,29 +1,29 @@
--- ---
- name: Install NRPE daemon - name: Install NRPE daemon
package: package:
name: "{{ item }}" name: "{{ monitored_packages_nrpe }}"
state: latest state: latest
with_items: "{{ monitored_packages_nrpe }}"
- name: Install daemon config - name: Install daemon config
template: template:
src: nrpe.cfg.j2 src: nrpe.cfg.j2
dest: "{{ monitored_nrpe_basedir }}/nrpe.cfg" dest: "{{ monitored_nrpe_basedir }}/nrpe.cfg"
owner: "{{ monitored_user }}" owner: "root"
group: "{{ monitored_group }}" group: "{{ monitored_group }}"
mode: 0640 mode: 0640
backup: True backup: yes
- name: Create snippet config dirs - name: Create snippet config dirs
file: file:
path: "{{ monitored_nrpe_basedir }}/{{ item }}" path: "{{ monitored_nrpe_basedir }}/{{ item }}"
state: directory state: directory
owner: "{{ monitored_user }}" owner: "{{ monitored_nrpe_include_owner }}"
group: "{{ monitored_group }}" group: "{{ monitored_group }}"
mode: 0750 mode: 0750
with_items: "{{ monitored_nrpe_include_dirs }}" loop: "{{ monitored_nrpe_include_dirs }}"
#- include: nrpe_migrate.yml - name: "INCLUDE: Migrate custom NRPE files"
include: nrpe_migrate.yml
- name: Enable NRPE - name: Enable NRPE
service: service:
@ -35,12 +35,9 @@
name: "{{ monitored_nrpe_servicename }}" name: "{{ monitored_nrpe_servicename }}"
state: restarted state: restarted
- name: Instal additional packages for NRPE monitoring - name: Instal additional packages for NRPE monitoring
package: package:
name: "{{ item }}" name: "{{ monitored_packages_additional_nrpe }}"
state: latest state: latest
with_items: "{{ monitored_packages_additional_nrpe }}" when: monitored_packages_additional_nrpe|bool
when: monitored_packages_additional_nrpe

2
tasks/nrpe_migrate.yml Normal file
View file

@ -0,0 +1,2 @@
---

View file

@ -1,26 +1,20 @@
--- ---
- name: Install Monitoring-Plugins - name: Install Monitoring-Plugins
package: package:
name: "{{ item }}" name: "{{ monitored_packages_mp }}"
state: latest state: latest
register: monitoringplugins register: monitoringplugins
ignore_errors: True ignore_errors: True
with_items: "{{ monitored_packages_mp }}"
- name: Install Nagios-Plugins - name: Install Nagios-Plugins
package: package:
name: "{{ item }}" name: "{{ monitored_packages_np }}"
state: latest state: latest
with_items: "{{ monitored_packages_np }}"
when: monitoringplugins is failed when: monitoringplugins is failed
- name: Install additional packages
- name: Instal additional packages
package: package:
name: "{{ item }}" name: "{{ monitored_packages_additional }}"
state: latest state: latest
with_items: "{{ monitored_packages_additional }}" when: monitored_packages_additional|bool
when: monitored_packages_additional

View file

@ -1,4 +1,12 @@
--- ---
- name: Create custom plugin directory
file:
path: "{{ monitored_plugins_custom_path }}"
state: directory
owner: root
group: "{{ monitored_group }}"
mode: 0750
- name: Copy custom plugins - name: Copy custom plugins
copy: copy:
src: "plugins_custom/{{ item }}" src: "plugins_custom/{{ item }}"
@ -6,6 +14,5 @@
owner: root owner: root
group: "{{ monitored_group }}" group: "{{ monitored_group }}"
mode: 0750 mode: 0750
with_items: "{{ monitored_plugins_custom }}" loop: "{{ monitored_plugins_custom }}"

View file

@ -1,35 +1,25 @@
--- ---
- name: Create dot-SSH directory for monitoring user
file:
path: "{{ monitored_homedir }}/.ssh/"
state: directory
owner: "{{ monitored_user }}"
group: "{{ monitored_group }}"
mode: 0700
- name: Copy SSH authorized_keys for monitoring user - name: Copy SSH authorized_keys for monitoring user
authorized_key: authorized_key:
user: "{{ monitored_user }}" user: "{{ monitored_user }}"
key: "{{ lookup('file', item) }}" key: "{{ lookup('file', item) }}"
key_options: 'no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-pty{% if monitored_ssh_key_wrapper %},command="{{ monitored_ssh_key_wrapper }}"{% endif %}' key_options: '{{ lookup("template", "ssh-key-options.j2") }}'
with_items: "{{ monitored_ssh_key_files }}" manage_dir: yes
loop: "{{ monitored_ssh_key_files }}"
- name: Copy SSH wrapper - name: Copy SSH wrapper
copy: copy:
src: "{{ monitored_ssh_key_wrapper_src }}" src: "{{ monitored_ssh_key_wrapper_src }}"
dest: "{{ monitored_ssh_key_wrapper }}" dest: "{{ monitored_ssh_key_wrapper }}"
owner: "{{ monitored_ssh_key_wrapper_owner }}" owner: "{{ monitored_ssh_key_wrapper_owner|default('root') }}"
group: "{{ monitored_group }}" group: "{{ monitored_group }}"
mode: "{{ monitored_ssh_key_wrapper_mode }}" mode: "{{ monitored_ssh_key_wrapper_mode }}"
backup: yes backup: yes
when: monitored_ssh_key_wrapper_src|default(null) when: monitored_ssh_key_wrapper_src|default(False) and monitored_ssh_key_wrapper|default(False)
- name: Instal additional packages for SSH monitoring - name: Instal additional packages for SSH monitoring
package: package:
name: "{{ item }}" name: "{{ monitored_packages_additional_ss }}"
state: latest state: latest
with_items: "{{ monitored_packages_additional_ssh }}" when: monitored_packages_additional_ssh|bool
when: monitored_packages_additional_ssh

View file

@ -29,4 +29,3 @@
backup: yes backup: yes
with_items: "{{ monitored_sudo_commands|default([]) }}" with_items: "{{ monitored_sudo_commands|default([]) }}"

View file

@ -0,0 +1 @@
key_options: 'no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-pty{% if monitored_ssh_key_wrapper %},command="{{ monitored_ssh_key_wrapper }}"{% endif %}'

View file

@ -1,8 +1,8 @@
--- ---
monitored_packages_mp: monitored_packages_mp:
- monitoring-plugins - monitoring-plugins-basic
monitored_packages_np: monitored_packages_np:
- nagios-plugins - nagios-plugins-basic
monitored_packages_nrpe: monitored_packages_nrpe:
- nagios-nrpe-server - nagios-nrpe-server