forked from ISTI-ansible-roles/ansible-roles
library/roles/nagios: manage more than allowed IP in the nrpe access list.
library/roles/nagios: conditionally use users_system_users to allow unprivileged users in the nrpe users check. library/vars/isti-global.yml: add a second IP for nagios.
This commit is contained in:
parent
4b6d16be88
commit
03a9c656be
|
|
@ -13,6 +13,10 @@ nagios_common_lib: check_library.sh
|
||||||
nagios_hw: False
|
nagios_hw: False
|
||||||
nagios_check_disk_w: 10
|
nagios_check_disk_w: 10
|
||||||
nagios_check_disk_c: 5
|
nagios_check_disk_c: 5
|
||||||
|
# If true, reads the users list from the variable 'users_system_users'
|
||||||
|
# See library/roles/users
|
||||||
|
nagios_multiple_allowed_users: False
|
||||||
|
nagios_multiple_users_allow_root: True
|
||||||
nagios_allowed_users: root
|
nagios_allowed_users: root
|
||||||
|
|
||||||
nagios_monitoring_obj_dir: /etc/nagios3/objects
|
nagios_monitoring_obj_dir: /etc/nagios3/objects
|
||||||
|
|
@ -28,6 +32,17 @@ nagios_server_files:
|
||||||
- services.cfg
|
- services.cfg
|
||||||
- commands.cfg
|
- commands.cfg
|
||||||
|
|
||||||
|
nagios_plugins_base_pkgs:
|
||||||
|
- nagios-plugins
|
||||||
|
- nagios-plugins-basic
|
||||||
|
- nagios-plugins-standard
|
||||||
|
- nagios-nrpe-server
|
||||||
|
- sudo
|
||||||
|
|
||||||
|
nagios_plugins_contrib:
|
||||||
|
- nagios-plugins-contrib
|
||||||
|
|
||||||
|
|
||||||
nagios_psql_query_time_w: 40
|
nagios_psql_query_time_w: 40
|
||||||
nagios_psql_query_time_c: 60
|
nagios_psql_query_time_c: 60
|
||||||
nagios_psql_db_size_w: 150000000
|
nagios_psql_db_size_w: 150000000
|
||||||
|
|
|
||||||
|
|
@ -1,33 +1,23 @@
|
||||||
---
|
---
|
||||||
- name: Install the nagios packages
|
- name: Install the nagios packages
|
||||||
apt: pkg={{ item }} state=installed
|
apt: pkg={{ item }} state=installed
|
||||||
with_items:
|
with_items: nagios_plugins_base_pkgs
|
||||||
- nagios-plugins
|
|
||||||
- nagios-plugins-basic
|
|
||||||
- nagios-plugins-standard
|
|
||||||
- nagios-nrpe-server
|
|
||||||
- sudo
|
|
||||||
when: is_not_debian_less_than_6
|
when: is_not_debian_less_than_6
|
||||||
tags:
|
tags: nagios
|
||||||
- nagios
|
|
||||||
|
|
||||||
- name: debian 6 has other nagios plugins
|
- name: debian 6 has additional nagios plugins
|
||||||
apt: pkg={{ item }} state=installed
|
apt: pkg={{ item }} state=installed
|
||||||
with_items:
|
with_items: nagios_plugins_contrib
|
||||||
- nagios-plugins-contrib
|
|
||||||
when: is_debian6
|
when: is_debian6
|
||||||
tags:
|
tags: nagios
|
||||||
- nagios
|
|
||||||
|
|
||||||
- name: Create the directory where our local plugins are installed
|
- name: Create the directory where our local plugins are installed
|
||||||
file: path={{ nagios_isti_plugdir }} state=directory
|
file: path={{ nagios_isti_plugdir }} state=directory
|
||||||
tags:
|
tags: nagios
|
||||||
- nagios
|
|
||||||
|
|
||||||
- name: Install the generic shell library used by some custom checks
|
- name: Install the generic shell library used by some custom checks
|
||||||
template: src=check_library.sh.j2 dest={{ nagios_isti_plugdir }}/check_library.sh owner=root group=root mode=0644
|
template: src=check_library.sh.j2 dest={{ nagios_isti_plugdir }}/check_library.sh owner=root group=root mode=0644
|
||||||
tags:
|
tags: nagios
|
||||||
- nagios
|
|
||||||
|
|
||||||
- name: Install plugins that can be useful on all the installed servers
|
- name: Install plugins that can be useful on all the installed servers
|
||||||
copy: src={{ item }} dest={{ nagios_isti_plugdir }}/{{ item }} owner=root group=nagios mode=0755
|
copy: src={{ item }} dest={{ nagios_isti_plugdir }}/{{ item }} owner=root group=nagios mode=0755
|
||||||
|
|
@ -35,37 +25,26 @@
|
||||||
- check_system_pp
|
- check_system_pp
|
||||||
- show_users
|
- show_users
|
||||||
- check_netint.pl
|
- check_netint.pl
|
||||||
tags:
|
tags: nagios
|
||||||
- nagios
|
|
||||||
|
|
||||||
- name: Install the global nrpe commands file
|
- name: Install the global nrpe commands file
|
||||||
template: src=common-nrpe.cfg.j2 dest=/etc/nagios/nrpe.d/common.cfg owner=root group=root mode=444
|
template: src=common-nrpe.cfg.j2 dest=/etc/nagios/nrpe.d/common.cfg owner=root group=root mode=444
|
||||||
notify:
|
notify: Reload NRPE server
|
||||||
- Reload NRPE server
|
tags: [ 'nagios', 'nrpe', 'nrpe_cfg' ]
|
||||||
tags:
|
|
||||||
- nrpe
|
|
||||||
- nagios
|
|
||||||
|
|
||||||
- name: set the NRPE ACL
|
- name: set the NRPE ACL
|
||||||
action: |
|
action: |
|
||||||
lineinfile name=/etc/nagios/nrpe.cfg regexp="allowed_hosts=" line="allowed_hosts=127.0.0.1,{{ nagios_monitoring_server_ip }}"
|
lineinfile name=/etc/nagios/nrpe.cfg regexp="allowed_hosts=" line="allowed_hosts=127.0.0.1,{% for ip in nagios_monitoring_server_ip %}{{ ip }}{%if not loop.last %},{% endif %}{% endfor %}"
|
||||||
notify:
|
notify: Reload NRPE server
|
||||||
- Reload NRPE server
|
tags: [ 'nagios', 'nrpe', 'nrpe_cfg' ]
|
||||||
tags:
|
|
||||||
- nagios
|
|
||||||
- nrpe
|
|
||||||
|
|
||||||
- name: set the NRPE default timeout
|
- name: set the NRPE default timeout
|
||||||
lineinfile: name=/etc/nagios/nrpe.cfg regexp="command_timeout=" line="command_timeout={{ nrpe_command_timeout }}"
|
lineinfile: name=/etc/nagios/nrpe.cfg regexp="command_timeout=" line="command_timeout={{ nrpe_command_timeout }}"
|
||||||
notify:
|
notify: Reload NRPE server
|
||||||
- Reload NRPE server
|
tags: [ 'nagios', 'nrpe', 'nrpe_cfg' ]
|
||||||
tags:
|
|
||||||
- nagios
|
|
||||||
- nrpe
|
|
||||||
|
|
||||||
- name: nagios needs root to execute some commands. We do it via sudo
|
- name: nagios needs root to execute some commands. We do it via sudo
|
||||||
template: src=nagios.sudoers.j2 dest=/etc/sudoers.d/nagios owner=root group=root mode=0440
|
template: src=nagios.sudoers.j2 dest=/etc/sudoers.d/nagios owner=root group=root mode=0440
|
||||||
tags:
|
tags: [ 'nagios', 'nrpe', 'sudo' ]
|
||||||
- nagios
|
|
||||||
- nrpe
|
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -13,7 +13,11 @@ command[global_check_gmond]={{ nagios_plugins_dir }}/check_procs -w 1:1 -c 1:1 -
|
||||||
command[global_check_munin]={{ nagios_plugins_dir }}/check_procs -w 1:1 -c 1:1 -C munin-node
|
command[global_check_munin]={{ nagios_plugins_dir }}/check_procs -w 1:1 -c 1:1 -C munin-node
|
||||||
|
|
||||||
# Show number and username of the logged users
|
# Show number and username of the logged users
|
||||||
|
{% if nagios_multiple_allowed_users %}
|
||||||
|
command[global_show_users]={{ nagios_isti_plugdir }}/show_users -a {% if nagios_multiple_users_allow_root %}root,{% endif %}{% for u in users_system_users %}{{ u.login }}{% if not loop.last %},{% endif %}{% endfor %}
|
||||||
|
{% else %}
|
||||||
command[global_show_users]={{ nagios_isti_plugdir }}/show_users -a {{ nagios_allowed_users }}
|
command[global_show_users]={{ nagios_isti_plugdir }}/show_users -a {{ nagios_allowed_users }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
# Generic script that monitors the existance of a given processes list
|
# Generic script that monitors the existance of a given processes list
|
||||||
command[global_check_system_pp]={{ nagios_isti_plugdir }}/check_system_pp
|
command[global_check_system_pp]={{ nagios_isti_plugdir }}/check_system_pp
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue