library/roles/nagios: manage more than allowed IP in the nrpe access list.
library/roles/nagios: conditionally use users_system_users to allow unprivileged users in the nrpe users check. library/vars/isti-global.yml: add a second IP for nagios.
This commit is contained in:
parent
4b6d16be88
commit
03a9c656be
|
|
@ -13,6 +13,10 @@ nagios_common_lib: check_library.sh
|
|||
nagios_hw: False
|
||||
nagios_check_disk_w: 10
|
||||
nagios_check_disk_c: 5
|
||||
# If true, reads the users list from the variable 'users_system_users'
|
||||
# See library/roles/users
|
||||
nagios_multiple_allowed_users: False
|
||||
nagios_multiple_users_allow_root: True
|
||||
nagios_allowed_users: root
|
||||
|
||||
nagios_monitoring_obj_dir: /etc/nagios3/objects
|
||||
|
|
@ -28,6 +32,17 @@ nagios_server_files:
|
|||
- services.cfg
|
||||
- commands.cfg
|
||||
|
||||
nagios_plugins_base_pkgs:
|
||||
- nagios-plugins
|
||||
- nagios-plugins-basic
|
||||
- nagios-plugins-standard
|
||||
- nagios-nrpe-server
|
||||
- sudo
|
||||
|
||||
nagios_plugins_contrib:
|
||||
- nagios-plugins-contrib
|
||||
|
||||
|
||||
nagios_psql_query_time_w: 40
|
||||
nagios_psql_query_time_c: 60
|
||||
nagios_psql_db_size_w: 150000000
|
||||
|
|
|
|||
|
|
@ -1,33 +1,23 @@
|
|||
---
|
||||
- name: Install the nagios packages
|
||||
apt: pkg={{ item }} state=installed
|
||||
with_items:
|
||||
- nagios-plugins
|
||||
- nagios-plugins-basic
|
||||
- nagios-plugins-standard
|
||||
- nagios-nrpe-server
|
||||
- sudo
|
||||
with_items: nagios_plugins_base_pkgs
|
||||
when: is_not_debian_less_than_6
|
||||
tags:
|
||||
- nagios
|
||||
tags: nagios
|
||||
|
||||
- name: debian 6 has other nagios plugins
|
||||
- name: debian 6 has additional nagios plugins
|
||||
apt: pkg={{ item }} state=installed
|
||||
with_items:
|
||||
- nagios-plugins-contrib
|
||||
with_items: nagios_plugins_contrib
|
||||
when: is_debian6
|
||||
tags:
|
||||
- nagios
|
||||
tags: nagios
|
||||
|
||||
- name: Create the directory where our local plugins are installed
|
||||
file: path={{ nagios_isti_plugdir }} state=directory
|
||||
tags:
|
||||
- nagios
|
||||
tags: nagios
|
||||
|
||||
- name: Install the generic shell library used by some custom checks
|
||||
template: src=check_library.sh.j2 dest={{ nagios_isti_plugdir }}/check_library.sh owner=root group=root mode=0644
|
||||
tags:
|
||||
- nagios
|
||||
tags: nagios
|
||||
|
||||
- name: Install plugins that can be useful on all the installed servers
|
||||
copy: src={{ item }} dest={{ nagios_isti_plugdir }}/{{ item }} owner=root group=nagios mode=0755
|
||||
|
|
@ -35,37 +25,26 @@
|
|||
- check_system_pp
|
||||
- show_users
|
||||
- check_netint.pl
|
||||
tags:
|
||||
- nagios
|
||||
tags: nagios
|
||||
|
||||
- name: Install the global nrpe commands file
|
||||
template: src=common-nrpe.cfg.j2 dest=/etc/nagios/nrpe.d/common.cfg owner=root group=root mode=444
|
||||
notify:
|
||||
- Reload NRPE server
|
||||
tags:
|
||||
- nrpe
|
||||
- nagios
|
||||
notify: Reload NRPE server
|
||||
tags: [ 'nagios', 'nrpe', 'nrpe_cfg' ]
|
||||
|
||||
- name: set the NRPE ACL
|
||||
action: |
|
||||
lineinfile name=/etc/nagios/nrpe.cfg regexp="allowed_hosts=" line="allowed_hosts=127.0.0.1,{{ nagios_monitoring_server_ip }}"
|
||||
notify:
|
||||
- Reload NRPE server
|
||||
tags:
|
||||
- nagios
|
||||
- nrpe
|
||||
lineinfile name=/etc/nagios/nrpe.cfg regexp="allowed_hosts=" line="allowed_hosts=127.0.0.1,{% for ip in nagios_monitoring_server_ip %}{{ ip }}{%if not loop.last %},{% endif %}{% endfor %}"
|
||||
notify: Reload NRPE server
|
||||
tags: [ 'nagios', 'nrpe', 'nrpe_cfg' ]
|
||||
|
||||
- name: set the NRPE default timeout
|
||||
lineinfile: name=/etc/nagios/nrpe.cfg regexp="command_timeout=" line="command_timeout={{ nrpe_command_timeout }}"
|
||||
notify:
|
||||
- Reload NRPE server
|
||||
tags:
|
||||
- nagios
|
||||
- nrpe
|
||||
notify: Reload NRPE server
|
||||
tags: [ 'nagios', 'nrpe', 'nrpe_cfg' ]
|
||||
|
||||
- name: nagios needs root to execute some commands. We do it via sudo
|
||||
template: src=nagios.sudoers.j2 dest=/etc/sudoers.d/nagios owner=root group=root mode=0440
|
||||
tags:
|
||||
- nagios
|
||||
- nrpe
|
||||
tags: [ 'nagios', 'nrpe', 'sudo' ]
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -13,7 +13,11 @@ command[global_check_gmond]={{ nagios_plugins_dir }}/check_procs -w 1:1 -c 1:1 -
|
|||
command[global_check_munin]={{ nagios_plugins_dir }}/check_procs -w 1:1 -c 1:1 -C munin-node
|
||||
|
||||
# Show number and username of the logged users
|
||||
{% if nagios_multiple_allowed_users %}
|
||||
command[global_show_users]={{ nagios_isti_plugdir }}/show_users -a {% if nagios_multiple_users_allow_root %}root,{% endif %}{% for u in users_system_users %}{{ u.login }}{% if not loop.last %},{% endif %}{% endfor %}
|
||||
{% else %}
|
||||
command[global_show_users]={{ nagios_isti_plugdir }}/show_users -a {{ nagios_allowed_users }}
|
||||
{% endif %}
|
||||
|
||||
# Generic script that monitors the existance of a given processes list
|
||||
command[global_check_system_pp]={{ nagios_isti_plugdir }}/check_system_pp
|
||||
|
|
|
|||
Loading…
Reference in New Issue