NRPE: Allow connections from ::1

README.md

@@ -1,59 +0,0 @@
-monitored
-=========
-
-Prepare remote machine for monitoring with Naemon/Nagios/Icinga via NRPE and/or SSH
-
-Requirements
-------------
-
-- Role "epel" for RedHat-like systems
-
-Role Variables
---------------
-
-Defaults (config/overwrite required):
-- `monitored_by_nrpe` (defaults: `false`): install/configure NRPE
-- `monitored_by_ssh` (defaults: `false`): install/configure SSH incl. wrapper
-  script
-- `monitored_server_ips` (defaults: `[127.0.0.1,]`: list(!) of monitoring server
-  ips
-
-Required for SSH:
-- `monitored_ssh_key_files` (defaults: `[]`): list(!) of SSH key strings(!)
-
-Common variables:
-- `monitored_packages_install` (defaults: `true`): install plugings
-- `monitored_sudo_file` (defaults: `/etc/sudoers.d/monitored`): sudoers file
-- `monitored_sudo_commands`: list of `sudoers` config lines
-- `monitored_packages_additional(_nrpe|_ssh)`: additional packages to install
-- `monitored_plugins_custom`: additional plugin scripts to copy
-- `monitored_plugins_custom_path` (defaults: `/usr/local/plugins/`): path for
-  additional plugins
-
-NRPE:
-- `monitored_nrpe_*`: NRPE config variables
-
-SSH:
-- `monitored_ssh_key_wrapper`: local path/filename of wrapper
-- `monitored_ssh_key_wrapper_src`: remote path and filename of wrapper
-- `monitored_ssh_key_wrapper_*`: file attributes of wrapper
-
-Example Playbook
-----------------
-
-    - hosts: all
-      roles:
-        - role: monitored
-          when: monitored_dont|default(false) != true
-
-License
--------
-
-GPL-2.0-or-later
-
-Author Information
-------------------
-
-Sven Velt - <sven-ansiblerole@velt.biz>
-https://git.velt.biz/velt.biz/
-

defaults/main.yml

@@ -1,17 +1,16 @@
 ---
-monitored_by_nrpe: false
+monitored_by_nrpe: False
-monitored_by_ssh: false
+monitored_by_ssh: False
 
 monitored_user: nagios
 monitored_group: nagios
 monitored_homedir: /var/lib/nagios
 monitored_shell: /bin/bash
-monitored_password: null
 
 monitored_sudo_file: /etc/sudoers.d/monitored
 monitored_sudo_commands: []
 
-monitored_packages_install: true
+monitored_packages_install: True
 monitored_packages_predepends: []
 monitored_packages_additional: []
 monitored_packages_additional_nrpe: []

meta/main.yml

@@ -1,5 +0,0 @@
----
-dependencies:
-  - role: epel
-    when: ansible_os_family == "RedHat" and ansible_distribution != "Fedora"
-

monitored.yml

@@ -2,10 +2,9 @@
 - hosts: all
   roles:
 
-# "epel" is already a dependency (meta/main.yml)
+          - role: epel
-#  - role: epel
+            when: ansible_os_family == "RedHat" and ansible_distribution != "Fedora"
-#    when: ansible_os_family == "RedHat" and ansible_distribution != "Fedora"
 
-  - role: monitored
+          - role: monitored
-    when: monitored_dont|default(false) != true
+            when: monitored_dont|default(False) != True
 

tasks/main.yml

@@ -1,15 +1,9 @@
 ---
-- debug:
-    msg:
-      - "SSH:  {{ monitored_by_ssh }}"
-      - "NRPE: {{ monitored_by_nrpe }}"
-
 - name: Sanity checks
   assert:
     that:
-      - monitored_dont|default(false) != true
+      - monitored_dont|default(False) != True
-      - monitored_by_nrpe == true or monitored_by_ssh == true
+      - monitored_by_nrpe == True or monitored_by_ssh == True
-    fail_msg: "Neither monitored_by_nrpe nor monitored_by_ssh set to True"
 
 - name: Gather OS Specific Variables
   include_vars: "{{ item }}"
@@ -23,14 +17,14 @@
   package:
     name: "{{ monitored_packages_predepends }}"
     state: latest
-  when: monitored_packages_predepends|default(false)
+  when: monitored_packages_predepends|default(False)
 
 - name: "INCLUDE: Create monitoring user"
   import_tasks: user.yml
 
 - name: "INCLUDE: Install always necessary packages"
   include_tasks: packages.yml
-  when: monitored_packages_install != false
+  when: monitored_packages_install != False
 
 - name: "INCLUDE: Copy custom plugins"
   include_tasks: plugins_custom.yml
@@ -38,9 +32,9 @@
 
 - name: "INCLUDE: Monitoring by NRPE"
   include_tasks: nrpe.yml
-  when: monitored_by_nrpe == true
+  when: monitored_by_nrpe == True
 
 - name: "INCLUDE: Monitoring by SSH"
   include_tasks: ssh.yml
-  when: monitored_by_ssh == true
+  when: monitored_by_ssh == True
 

tasks/nrpe.yml

@@ -23,7 +23,7 @@
   loop: "{{ monitored_nrpe_include_dirs }}"
 
 - name: "INCLUDE: Migrate custom NRPE files"
-  import_tasks: nrpe_migrate.yml
+  include: nrpe_migrate.yml
 
 - name: Enable NRPE
   service:
@@ -35,7 +35,7 @@
     name: "{{ monitored_nrpe_servicename }}"
     state: restarted
 
-- name: Install additional packages for NRPE monitoring
+- name: Instal additional packages for NRPE monitoring
   package:
     name: "{{ monitored_packages_additional_nrpe }}"
     state: latest

tasks/packages.yml

@@ -4,7 +4,7 @@
     name: "{{ monitored_packages_mp }}"
     state: latest
   register: monitoringplugins
-  ignore_errors: true
+  ignore_errors: True
 
 - name: Install Nagios-Plugins
   package:

tasks/ssh.yml

@@ -1,10 +1,4 @@
 ---
-- name: Sanity check
-  assert:
-    that:
-      - monitored_ssh_key_files|length > 0
-    fail_msg: "List of SSH keys ('monitored_ssh_key_files') is empty!"
-
 - name: Copy SSH authorized_keys for monitoring user
   authorized_key:
     user: "{{ monitored_user }}"
@@ -21,9 +15,9 @@
     group: "{{ monitored_group }}"
     mode: "{{ monitored_ssh_key_wrapper_mode }}"
     backup: yes
-  when: monitored_ssh_key_wrapper_src|default(false) and monitored_ssh_key_wrapper|default(false)
+  when: monitored_ssh_key_wrapper_src|default(False) and monitored_ssh_key_wrapper|default(False)
 
-- name: Install additional packages for SSH monitoring
+- name: Instal additional packages for SSH monitoring
   package:
     name: "{{ monitored_packages_additional_ssh }}"
     state: latest

tasks/user.yml

@@ -13,7 +13,6 @@
     home: "{{ monitored_homedir }}"
     move_home: yes
     shell: "{{ monitored_shell }}"
-    password: "{{ monitored_password }}"
     state: present
 
 - name: "Install sudo (if required)"

templates/nrpe.cfg.j2

@@ -1,9 +1,7 @@
 ### {{ ansible_managed }}
 
 log_facility=daemon
-{% if monitored_nrpe_pidfile %}pid_file={{ monitored_nrpe_pidfile }}
+pid_file={{ monitored_nrpe_pidfile }}
-{% else %}# pid_file=
-{% endif %}
 debug=0
 
 {% if monitored_nrpe_server_address %}server_address={{ monitored_nrpe_server_address }}
@@ -14,7 +12,7 @@ server_port={{ monitored_nrpe_port }}
 nrpe_user={{ monitored_user }}
 nrpe_group={{ monitored_group }}
 
-allowed_hosts=127.0.0.1,{{ monitored_server_ips|join(',') }}
+allowed_hosts=127.0.0.1,::1,{{ monitored_server_ips|join(',') }}
 
 dont_blame_nrpe={% if monitored_nrpe_dont_blame == "1" %}1
 {% else %}0

templates/ssh-key-options.j2

@@ -1 +1 @@
-no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-pty,from="{{ monitored_server_ips|join(",") }}"{% if monitored_ssh_key_wrapper %},command="{{ monitored_ssh_key_wrapper }}"{% endif %}
+no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-pty{% if monitored_ssh_key_wrapper %},command="{{ monitored_ssh_key_wrapper }}"{% endif %}

vars/alpine.yml

@@ -1,7 +1,4 @@
 ---
-monitored_shell: /bin/ash
-monitored_password: '*'
-
 monitored_packages_mp:
   - monitoring-plugins
 monitored_packages_np:
@@ -22,5 +19,5 @@ monitored_packages_nrpe:
   - nrpe
 
 monitored_nrpe_basedir: /etc
-monitored_nrpe_pidfile: false
+monitored_nrpe_pidfile: /var/run/nrpe.pid
 

vars/void.yml

@@ -1,15 +1,10 @@
 ---
-monitored_user: _nagios
+monitored_by_nrpe: False
-monitored_group: _nagios
+
+monitored_packages_nrpe: null
 
 monitored_packages_mp:
   - monitoring-plugins
 monitored_packages_np:
   - nagios-plugins
 
-monitored_packages_nrpe:
-  - nrpe
-
-monitored_nrpe_basedir: /etc/nagios
-monitored_nrpe_pidfile: /run/nrpe/nrpe.pid
-