NRPE: Allow connections from ::1

2020-09-23 13:04:24 +00:00
11 changed files with 11 additions and 90 deletions
--- a/README.md
+++ b/README.md
@ -1,59 +0,0 @@
-monitored
-=========
-
-Prepare remote machine for monitoring with Naemon/Nagios/Icinga via NRPE and/or SSH
-
-Requirements
------------
-
- Role "epel" for RedHat-like systems
-
-Role Variables
--------------
-
-Defaults (config/overwrite required):
- `monitored_by_nrpe` (defaults: `False`): install/configure NRPE
- `monitored_by_ssh` (defaults: `False`): install/configure SSH incl. wrapper
-  script
- `monitored_server_ips` (defaults: `[127.0.0.1,]`: list(!) of monitoring server
-  ips
-
-Required for SSH:
- `monitored_ssh_key_files` (defaults: `[]`): list(!) of SSH key strings(!)
-
-Common variables:
- `monitored_packages_install` (defaults: `True`): install plugings
- `monitored_sudo_file` (defaults: `/etc/sudoers.d/monitored`): sudoers file
- `monitored_sudo_commands`: list of `sudoers` config lines
- `monitored_packages_additional(_nrpe|_ssh)`: additional packages to install
- `monitored_plugins_custom`: additional plugin scripts to copy
- `monitored_plugins_custom_path` (defaults: `/usr/local/plugins/`): path for
-  additional plugins
-
-NRPE:
- `monitored_nrpe_*`: NRPE config variables
-
-SSH:
- `monitored_ssh_key_wrapper`: local path/filename of wrapper
- `monitored_ssh_key_wrapper_src`: remote path and filename of wrapper
- `monitored_ssh_key_wrapper_*`: file attributes of wrapper
-
-Example Playbook
----------------
-
-    - hosts: all
-      roles:
-        - role: monitored
-          when: monitored_dont|default(False) != True
-
-License
-------
-
-GPL-2.0-or-later
-
-Author Information
------------------
-
-Sven Velt - <sven-ansiblerole@velt.biz>
-https://git.velt.biz/velt.biz/
-
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -6,7 +6,6 @@ monitored_user: nagios
 monitored_group: nagios
 monitored_homedir: /var/lib/nagios
 monitored_shell: /bin/bash
-monitored_password: null

 monitored_sudo_file: /etc/sudoers.d/monitored
 monitored_sudo_commands: []
--- a/meta/main.yml
+++ b/meta/main.yml
@ -1,5 +0,0 @@
---
-dependencies:
-  - role: epel
-    when: ansible_os_family == "RedHat" and ansible_distribution != "Fedora"
-
--- a/monitored.yml
+++ b/monitored.yml
@ -2,10 +2,9 @@
 - hosts: all
  roles:

-# "epel" is already a dependency (meta/main.yml)
-#  - role: epel
-#    when: ansible_os_family == "RedHat" and ansible_distribution != "Fedora"
+          - role: epel
+            when: ansible_os_family == "RedHat" and ansible_distribution != "Fedora"

-  - role: monitored
-    when: monitored_dont|default(False) != True
+          - role: monitored
+            when: monitored_dont|default(False) != True

--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -4,7 +4,6 @@
    that:
      - monitored_dont|default(False) != True
      - monitored_by_nrpe == True or monitored_by_ssh == True
-    fail_msg: "Neither monitored_by_nrpe nor monitored_by_ssh set to True"

 - name: Gather OS Specific Variables
  include_vars: "{{ item }}"
--- a/tasks/nrpe.yml
+++ b/tasks/nrpe.yml
@ -23,7 +23,7 @@
  loop: "{{ monitored_nrpe_include_dirs }}"

 - name: "INCLUDE: Migrate custom NRPE files"
-  import_tasks: nrpe_migrate.yml
+  include: nrpe_migrate.yml

 - name: Enable NRPE
  service:
@ -35,7 +35,7 @@
    name: "{{ monitored_nrpe_servicename }}"
    state: restarted

- name: Install additional packages for NRPE monitoring
+- name: Instal additional packages for NRPE monitoring
  package:
    name: "{{ monitored_packages_additional_nrpe }}"
    state: latest
--- a/tasks/ssh.yml
+++ b/tasks/ssh.yml
@ -1,10 +1,4 @@
 ---
- name: Sanity check
-  assert:
-    that:
-      - monitored_ssh_key_files|length > 0
-    fail_msg: "List of SSH keys ('monitored_ssh_key_files') is empty!"
-
 - name: Copy SSH authorized_keys for monitoring user
  authorized_key:
    user: "{{ monitored_user }}"
@ -23,7 +17,7 @@
    backup: yes
  when: monitored_ssh_key_wrapper_src|default(False) and monitored_ssh_key_wrapper|default(False)

- name: Install additional packages for SSH monitoring
+- name: Instal additional packages for SSH monitoring
  package:
    name: "{{ monitored_packages_additional_ssh }}"
    state: latest
--- a/tasks/user.yml
+++ b/tasks/user.yml
@ -13,7 +13,6 @@
    home: "{{ monitored_homedir }}"
    move_home: yes
    shell: "{{ monitored_shell }}"
-    password: "{{ monitored_password }}"
    state: present

 - name: "Install sudo (if required)"
--- a/templates/nrpe.cfg.j2
+++ b/templates/nrpe.cfg.j2
@ -1,9 +1,7 @@
 ### {{ ansible_managed }}

 log_facility=daemon
-{% if monitored_nrpe_pidfile %}pid_file={{ monitored_nrpe_pidfile }}
-{% else %}# pid_file=
-{% endif %}
+pid_file={{ monitored_nrpe_pidfile }}
 debug=0

 {% if monitored_nrpe_server_address %}server_address={{ monitored_nrpe_server_address }}
@ -14,7 +12,7 @@ server_port={{ monitored_nrpe_port }}
 nrpe_user={{ monitored_user }}
 nrpe_group={{ monitored_group }}

-allowed_hosts=127.0.0.1,{{ monitored_server_ips|join(',') }}
+allowed_hosts=127.0.0.1,::1,{{ monitored_server_ips|join(',') }}

 dont_blame_nrpe={% if monitored_nrpe_dont_blame == "1" %}1
 {% else %}0
--- a/templates/ssh-key-options.j2
+++ b/templates/ssh-key-options.j2
@ -1 +1 @@
-no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-pty,from="{{ monitored_server_ips|join(",") }}"{% if monitored_ssh_key_wrapper %},command="{{ monitored_ssh_key_wrapper }}"{% endif %}
+no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-pty{% if monitored_ssh_key_wrapper %},command="{{ monitored_ssh_key_wrapper }}"{% endif %}
--- a/vars/alpine.yml
+++ b/vars/alpine.yml
@ -1,7 +1,4 @@
 ---
-monitored_shell: /bin/ash
-monitored_password: '*'
-
 monitored_packages_mp:
  - monitoring-plugins
 monitored_packages_np:
@ -22,5 +19,5 @@ monitored_packages_nrpe:
  - nrpe

 monitored_nrpe_basedir: /etc
-monitored_nrpe_pidfile: False
+monitored_nrpe_pidfile: /var/run/nrpe.pid