Allow unauthenticated nagios read access

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>

roles/nagios_server/files/httpd/robots.txt

@@ -0,0 +1,2 @@
+User-Agent: *
+Disallow: /

roles/nagios_server/tasks/main.yml

@@ -274,6 +274,11 @@
   - nagios_server
 
 
+- name: Copy robots.txt
+  copy: src=httpd/robots.txt dest=/var/www/robots.txt
+  tags:
+  - nagios_server
+
 ## Build template files
 # This one may go to being just a regular config file if we can make remote monitoring work
 - name: Template out the nagios httpd conf

roles/nagios_server/templates/httpd/nagios.conf.j2

@@ -2,6 +2,8 @@
 ScriptAlias /nagios/cgi-bin/ /usr/lib64/nagios/cgi-bin/
 ScriptAlias /tac.cgi         /usr/lib64/nagios/cgi-bin/tac.cgi
 
+Alias /robots.txt /var/www/robots.txt
+
 # Set up the authorization
 
 <Location /nagios>
@@ -16,13 +18,25 @@ ScriptAlias /tac.cgi         /usr/lib64/nagios/cgi-bin/tac.cgi
 {% endif %}
   GssapiLocalName on
   AuthType GSSAPI
-  Require valid-user
+  <Limit GET HEAD>
+    Require all granted
+  </Limit>
+  <LimitExcept GET HEAD>
+    Require valid-user
+  </LimitExcept>
 </Location>
 
 <Location ~ "/nagios/cgi-bin/">
   Options ExecCGI
 </Location>
 
+<Location /nagios/cgi-bin/cmd.cgi>
+  Require valid-user
+</Location>
+<Location /nagios/cgi-bin/config.cgi>
+  Require valid-user
+</Location>
+
 <Location /apache-status>
     SetHandler server-status
 {% if vars['nagios_location'] == 'external' %}