diff --git a/playbooks/include/proxies-redirects.yml b/playbooks/include/proxies-redirects.yml
index 5a27e06820..a29b119713 100644
--- a/playbooks/include/proxies-redirects.yml
+++ b/playbooks/include/proxies-redirects.yml
@@ -31,12 +31,6 @@
path: /nagios
target: https://nagios.fedoraproject.org/nagios/
- - role: httpd/redirect
- name: nagios-external
- website: admin.fedoraproject.org
- path: /nagios-external
- target: https://nagios.fedoraproject.org/nagios-external/
-
- role: httpd/redirect
name: docs
website: fedoraproject.org
diff --git a/playbooks/include/proxies-reverseproxy.yml b/playbooks/include/proxies-reverseproxy.yml
index 2c13c5e1cc..f58faee569 100644
--- a/playbooks/include/proxies-reverseproxy.yml
+++ b/playbooks/include/proxies-reverseproxy.yml
@@ -44,13 +44,6 @@
remotepath: /nagios/
proxyurl: http://noc01.phx2.fedoraproject.org
- - role: httpd/reverseproxy
- website: nagios.fedoraproject.org
- destname: nagios-external
- localpath: /nagios-external
- remotepath: /nagios-external/
- proxyurl: http://noc02.fedoraproject.org
-
- role: httpd/reverseproxy
website: lists.fedoraproject.org
destname: mailman3
diff --git a/roles/nagios_server/files/httpd/nagios-new.conf b/roles/nagios_server/files/httpd/nagios-new.conf
index e9b31c868f..3aada15f6a 100644
--- a/roles/nagios_server/files/httpd/nagios-new.conf
+++ b/roles/nagios_server/files/httpd/nagios-new.conf
@@ -1,12 +1,6 @@
# noc1
ScriptAlias /nagios/cgi-bin/ /usr/lib64/nagios/cgi-bin/
-# noc2
-ScriptAlias /nagios-external/cgi-bin/ /usr/lib64/nagios/cgi-bin/
-
-# test
-ScriptAlias /nagios-just-a-test/cgi-bin/ /usr/lib64/nagios/cgi-bin/
-
ScriptAlias /tac.cgi /usr/lib64/nagios/cgi-bin/tac.cgi
@@ -19,7 +13,7 @@ ScriptAlias /tac.cgi /usr/lib64/nagios/cgi-bin/tac.cgi
Require valid-user
-
+
Options ExecCGI
@@ -27,10 +21,8 @@ ScriptAlias /tac.cgi /usr/lib64/nagios/cgi-bin/tac.cgi
Options None
+RewriteEngine on
+RewriteRule ^/$ /nagios/ [R]
+
Alias /nagios /usr/share/nagios/html/
-# This will only affect noc2 because the proxies only forward -external to it.
-Alias /nagios-external /usr/share/nagios/html/
-
-# Test
-Alias /nagios-test /usr/share/nagios/html/
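Review bot: The two static files under roles/nagios_server/files/httpd/ look orphaned by this commit, because the roles/nagios_server/tasks/main.yml section removes both `copy:` tasks that installed `httpd/nagios.conf` and `httpd/nagios-new.conf`, and the replacement task renders `httpd/nagios.conf.j2` instead. Adding `RewriteEngine on` and `RewriteRule ^/$ /nagios/ [R]` here, and trimming nagios.conf in the next file section, therefore changes nothing that is deployed as far as this diff shows. If nothing outside the diff still references them, deleting both files would avoid a stale copy of the access-control configuration drifting away from the template.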
diff --git a/roles/nagios_server/files/httpd/nagios.conf b/roles/nagios_server/files/httpd/nagios.conf
index ac2b5984a8..e552348f7f 100644
--- a/roles/nagios_server/files/httpd/nagios.conf
+++ b/roles/nagios_server/files/httpd/nagios.conf
@@ -1,12 +1,6 @@
# noc1
ScriptAlias /nagios/cgi-bin/ /usr/lib64/nagios/cgi-bin/
-# noc2
-ScriptAlias /nagios-external/cgi-bin/ /usr/lib64/nagios/cgi-bin/
-
-# test
-ScriptAlias /nagios-just-a-test/cgi-bin/ /usr/lib64/nagios/cgi-bin/
-
ScriptAlias /tac.cgi /usr/lib64/nagios/cgi-bin/tac.cgi
@@ -19,7 +13,7 @@ ScriptAlias /tac.cgi /usr/lib64/nagios/cgi-bin/tac.cgi
Require valid-user
-
+
Options ExecCGI
@@ -32,8 +26,3 @@ RewriteRule ^/$ /nagios/ [R]
Alias /nagios /usr/share/nagios/html/
-# This will only affect noc2 because the proxies only forward -external to it.
-Alias /nagios-external /usr/share/nagios/html/
-
-# Test
-Alias /nagios-test /usr/share/nagios/html/
diff --git a/roles/nagios_server/tasks/main.yml b/roles/nagios_server/tasks/main.yml
index f7866aad92..5182413c40 100644
--- a/roles/nagios_server/tasks/main.yml
+++ b/roles/nagios_server/tasks/main.yml
@@ -26,6 +26,8 @@
with_items:
- php
- nagios.x86_64
+ - nagios-selinux
+ - nrpe-selinux
- nagios-plugins
- nagios-plugins-dig
- nagios-plugins-disk
@@ -78,19 +80,6 @@
- nagios_server
## Copy over system configs
-# TODO: Make this a template once they're closer together
-- name: Copy httpd config (production)
- copy: src=httpd/nagios.conf dest=/etc/httpd/conf.d/nagios.conf
- when: env == "production"
- tags:
- - nagios_server
-
-- name: Copy httpd config (staging)
- copy: src=httpd/nagios-new.conf dest=/etc/httpd/conf.d/nagios.conf
- when: env == "staging"
- tags:
- - nagios_server
-
- name: Copy specialized nrpe.cfg for nagios server
copy: src=nrpe/nrpe.cfg dest=/etc/nagios/nrpe.cfg mode=0644 group=root owner=root
notify:
@@ -265,6 +254,11 @@
## Build template files
# This one may go to being just a regular config file if we can make remote monitoring work
+- name: Template out the nagios httpd conf
+ template: src=httpd/nagios.conf.j2 dest=/etc/httpd/conf.d/nagios.conf
+ tags:
+ - nagios_server
+
- name: Template out the cgi.cfg
template: src=nagios/configs/cgi.cfg.j2 dest=/etc/nagios/cgi.cfg mode=0644 owner=root group=root
tags:
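Review bot: The new `Template out the nagios httpd conf` task sets no `mode`, `owner` or `group` and has no `notify:`, whereas the cgi.cfg task below sets explicit ownership and the nrpe.cfg task in the previous hunk notifies a handler. As written, the file's permissions depend on the umask, and a changed authentication configuration is not picked up until httpd is reloaded by some other means. I would write `template: src=httpd/nagios.conf.j2 dest=/etc/httpd/conf.d/nagios.conf mode=0644 owner=root group=root` and add a `notify:` for the role's httpd reload handler (its name is not visible in this hunk). The task is also inserted between the comment `# This one may go to being just a regular config file ...` and the cgi.cfg task it apparently described, so moving the new task above that comment keeps the comment attached to the right task. The cgi.cfg task continues past the end of the hunk.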
diff --git a/roles/nagios_server/templates/httpd/nagios.conf.j2 b/roles/nagios_server/templates/httpd/nagios.conf.j2
new file mode 100644
index 0000000000..6dfe6f23bf
--- /dev/null
+++ b/roles/nagios_server/templates/httpd/nagios.conf.j2
@@ -0,0 +1,40 @@
+# noc1
+ScriptAlias /nagios/cgi-bin/ /usr/lib64/nagios/cgi-bin/
+
+ScriptAlias /tac.cgi /usr/lib64/nagios/cgi-bin/tac.cgi
+
+
+ AuthName "Nagios GSSAPI Login"
+{% if env == "production" %}
+{% if vars['nagios_location'] == 'internal' %}
+ GssapiCredStore keytab:/etc/krb5.HTTP_nagios.fedoraproject.org.keytab
+{% else %}
+ GssapiCredStore keytab:/etc/krb5.HTTP_nagios-external.fedoraproject.org.keytab
+{% endif %}
+{% else %}
+{% if vars['nagios_location'] == 'internal' %}
+ GssapiCredStore keytab:/etc/krb5.HTTP_nagios.stg.fedoraproject.org.keytab
+{% else %}
+ GssapiCredStore keytab:/etc/krb5.HTTP_nagios-external.stg.fedoraproject.org.keytab
+{% endif %}
+{% endif %}
+ AuthType GSSAPI
+ # This is off because Apache (and thus mod_auth_gssapi) doesn't know this is proxied over TLS
+ GssapiSSLonly Off
+ GssapiLocalName on
+ Require valid-user
+
+
+
+ Options ExecCGI
+
+
+
+ Options None
+
+
+RewriteEngine on
+RewriteRule ^/$ /nagios/ [R]
+
+Alias /nagios /usr/share/nagios/html/
+
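Review bot: `GssapiSSLonly Off` is justified in the comment by TLS being terminated at a proxy, but this template is rendered for both the internal and the external instance, and the same commit removes the `nagios-external` entry from playbooks/include/proxies-reverseproxy.yml. If the external host is now reached without the proxies in front of it, the stated reason no longer holds there and Negotiate authentication would be accepted over plain HTTP. Either make the directive conditional on `nagios_location` or extend the comment to state the dependency, for example `# Relies on TLS terminating at the proxies and on this vhost accepting HTTP only from them`. Separately, both inner `{% else %}` branches pick the external keytab for any `nagios_location` other than 'internal', and the outer one picks staging for any `env` other than "production", so a typo silently selects a credential store. Using `{% elif vars['nagios_location'] == 'external' %}` with no fallback branch would make a wrong value fail visibly instead.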