Infrastructure/ansible
5
0
Fork 0
Code Issues Pull requests 3 Projects Releases Packages Wiki Activity Actions
ansible/roles/nagios_server/tasks/main.yml
Kevin Fenzi 22dde8163b unbound: remove and retire unbound servers 
These instances served long and well as fallback resolvers for
dnssec-trigger. This is no longer needed or used, so lets remove them.
See https://pagure.io/fedora-infrastructure/issue/11415

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2023-07-24 14:40:43 -07:00

539 lines
14 KiB
YAML
Raw Blame History

##
## A playbook to set up a Nagios 4 server
##
## Setup the initial user and groups.
- name: Add nagios group as 420
group: name=nagios gid=420 state=present system=yes
tags:
- nagios_server
- name: Add nagios user as 420
user: name=nagios uid=420 state=present home=/var/spool/nagios comment="Nagios Monitoring User" createhome=yes system=yes shell=/bin/bash
tags:
- nagios_server
# Add the apache user to the nagios group so that it has permissions
# to do stuff in /var/spool/nagios/*
- name: Add apache to nagios group
user: name=apache append=yes groups=nagios
tags:
- nagios_server
## Install the initial packages for the group.
- name: Install nagios packages
package:
state: present
name:
- php
- nagios.x86_64
- nagios-selinux
- nrpe-selinux
- nagios-plugins
- nagios-plugins-dig
- nagios-plugins-disk
- nagios-plugins-dns
- nagios-plugins-dummy
- nagios-plugins-file_age
- nagios-plugins-http
- nagios-plugins-load
- nagios-plugins-nagios
- nagios-plugins-nrpe
- nagios-plugins-perl
- nagios-plugins-pgsql
- nagios-plugins-ping
- nagios-plugins-procs
- nagios-plugins-smtp
- nagios-plugins-ssh
- nagios-plugins-swap
- nagios-plugins-tcp
- nagios-plugins-users
- stunnel
- mod_auth_gssapi
tags:
- nagios_server
- name: Install the SSL apache module
package:
state: present
name:
- mod_ssl
when: env == "production" and nagios_location == "external"
# ## Copy over the httpd SSL certs for external
# - name: Install the SSL cert so that we can use https
# copy: >
# src={{ private}}/files/httpd/{{ item }} dest=/etc/pki/tls/certs/{{ item }}
# owner=root group=root mode=0600
# when: env == "production" and nagios_location == "external"
# with_items:
# - noc02.fedoraproject.org.cert
# - noc02.fedoraproject.org.key
# - noc02.fedoraproject.org.intermediate.cert
# tags:
# - config
# - httpd/certificate
## Setup directories for files to be copied
- name: Create or confirm directories to be made
file: dest={{item}} mode=2755 owner=root group=sysadmin-main state=directory
with_items:
- /etc/nagios/commands
- /etc/nagios/contacts
- /etc/nagios/contactgroups
- /etc/nagios/hosts
- /etc/nagios/hostgroups
- /etc/nagios/services
- /etc/nagios/servicegroups
- /etc/nagios/conf.d
- /usr/lib64/nagios/plugins/
- /usr/lib64/nagios/plugins/eventhandlers/
## Remove the items we don't want
- name: Nuke default nagios passwd
file: dest=/etc/nagios/passwd state=absent
tags:
- nagios_server
- name: Nuke default nagios objects
file: dest=/etc/nagios/objects state=absent
tags:
- nagios_server
## Copy over the nagios configs
- name: Copy /etc/nagios/conf.d/cfg files
copy: src=nagios/configs/{{ item }} dest=/etc/nagios/conf.d/{{ item }}
with_items:
- escalations.cfg
- timeperiods.cfg
tags:
- config
- nagios_server
- name: Copy over the main conf file
copy: src=nagios/configs/nagios.cfg dest=/etc/nagios mode=0644 group=root owner=root
tags:
- config
- nagios_server
## Copy over the command scripts
- name: Copy /etc/nagios/commands
copy: src=nagios/commands/{{ item }} dest=/etc/nagios/commands/{{ item }}
with_items:
- disk.cfg
- dns.cfg
- git.cfg
- httpd.cfg
- koji.cfg
- local.cfg
- mailman.cfg
- misc.cfg
- notify.cfg
- nrpe.cfg
- perfdata.cfg
- ping.cfg
- rsyslog.cfg
- smtp.cfg
- ssh.cfg
- tcp.cfg
- testcloud.cfg
- udp.cfg
tags:
- nagios_config
- nagios_server
notify: restart nagios
## Copy over the contacts
- name: Copy /etc/nagios/contacts
synchronize: src=nagios/contacts/ dest=/etc/nagios/contacts/
tags:
- nagios_config
- nagios_server
notify: restart nagios
## Copy over the contactgroups
- name: Copy /etc/nagios/contactgroups
synchronize: src=nagios/contactgroups/ dest=/etc/nagios/contactgroups/
tags:
- nagios_config
- nagios_server
notify: restart nagios
## Copy over the hosts
- name: Copy /etc/nagios/hosts
copy: src=nagios/hosts/ dest=/etc/nagios/hosts/
tags:
- nagios_config
- nagios_server
notify: restart nagios
## Copy over the services
- name: Copy /etc/nagios/services (PHX2 specific files)
copy: src=nagios/services/iad2_internal/{{ item }} dest=/etc/nagios/services/{{ item }}
with_items:
- basset.cfg
- certgetter.cfg
- db_backups.cfg
- disk.cfg
- fedmsg.cfg
- file_age.cfg
- fmn.cfg
- koji.cfg
- locking.cfg
- mailman.cfg
- nrpe.cfg
- osbs.cfg
- pgsql.cfg
tags:
- nagios_config
- nagios_server
- nagios_hostgroups
when: env == "production" and nagios_location == 'iad2_internal'
notify: restart nagios
- name: Copy /etc/nagios/services (IAD2 specific files)
copy: src=nagios/services/iad2_internal/{{ item }} dest=/etc/nagios/services/{{ item }}
with_items:
- basset.cfg
- certgetter.cfg
- db_backups.cfg
- disk.cfg
- fedmsg.cfg
- file_age.cfg
- fmn.cfg
- koji.cfg
- locking.cfg
- mailman.cfg
- nrpe.cfg
- osbs.cfg
- pgsql.cfg
- rabbitmq.cfg
tags:
- nagios_config
- nagios_server
- nagios_hostgroups
when: env == "production" and nagios_location == 'iad2_internal'
notify: restart nagios
- name: Copy /etc/nagios/services (internal files)
copy: src=nagios/services/{{ item }} dest=/etc/nagios/services/{{ item }}
with_items:
- copr.cfg
- dns.cfg
- haproxy.cfg
- mail_queue.cfg
- memcached.cfg
- nagios.cfg
- pagure_redis.cfg
- ping.cfg
- procs.cfg
- raid.cfg
- smtp-mm.cfg
- ssh.cfg
- ssl.cfg
- swap.cfg
- templates.cfg
- vpnclients.cfg
- vpn_server.cfg
tags:
- nagios_config
- nagios_server
- nagios_hostgroups
when: env == "production" and nagios_location == 'iad2_internal'
notify: restart nagios
## Copy over the services
- name: Copy /etc/nagios/services (External)
copy: src=nagios/services/{{ item }} dest=/etc/nagios/services/{{ item }}
with_items:
- dns.cfg
- smtp-mm.cfg
- templates.cfg
- ping-ipv6.cfg
tags:
- nagios_config
- nagios_server
when: env == "production" and nagios_location == "external"
notify: restart nagios
## Drop services we don't need
- name: Nuke unneded services from /etc/nagios/services (External)
file: dest=/etc/nagios/services/{{ item }} state=absent
with_items:
- copr_external.cfg
tags:
- nagios_config
- nagios_server
when: env == "production" and nagios_location == "external"
notify: restart nagios
## Copy over the servicegroups
- name: Copy /etc/nagios/servicegroups
synchronize: src=nagios/servicegroups/ dest=/etc/nagios/servicegroups/
tags:
- nagios_config
- nagios_server
when: nagios_location == 'iad2_internal'
notify: restart nagios
## Copy over the servicegroups
- name: Copy /etc/nagios/servicegroups
copy: src=nagios/servicegroups/{{item}} dest=/etc/nagios/servicegroups/{{item}}
with_items:
- bodhi.cfg
- fas.cfg
- fp-wiki.cfg
- freemedia.cfg
- mirrorlist.cfg
tags:
- nagios_config
- nagios_server
when: nagios_location == "external"
notify: restart nagios
## Copy over the plugins
- name: Copy plugins
copy: src=nagios/plugins/ dest=/usr/lib64/nagios/plugins/ mode=0755 owner=root group=root
tags:
- nagios_server
## Copy over the programs
- name: Copy irc-colorize.py
copy: src=nagios/scripts/irc-colorize.py dest=/usr/local/bin/irc-colorize.py mode=0755 group=root owner=root
tags:
- nagios_server
- name: Copy check_nagios_notifications.py
copy: src=nagios/scripts/check_nagios_notifications.py dest=/usr/local/bin/check_nagios_notifications.py mode=0755 group=root owner=root
tags:
- nagios_server
- name: Copy robots.txt
copy: src=httpd/robots.txt dest=/var/www/robots.txt
tags:
- nagios_server
## Build template files
# This one may go to being just a regular config file if we can make remote monitoring work
## Copy over system configs
- name: Copy specialized nrpe.cfg for nagios server
template: src=nrpe/nrpe.cfg.j2 dest=/etc/nagios/nrpe.cfg
notify:
- restart nrpe
tags:
- config
- nagios_server
- name: Configure perms on nrpe correctly
file: dest=/etc/nagios/nrpe.cfg mode=0644 group=root owner=root
tags:
- config
- nagios_server
- name: Template out the nagios httpd conf
template: src=httpd/{{item}}.j2 dest=/etc/httpd/conf.d/{{item}}
with_items:
- nagios.conf
tags:
- nagios_server
- name: Template out the nagios httpd conf
template: src=httpd/{{item}}.j2 dest=/etc/httpd/conf.d/{{item}}
with_items:
- 0_nagios-external.conf
tags:
- nagios_server
- sslciphers
when: env == "production" and nagios_location == "external"
- name: Template out the cgi.cfg
template: src=nagios/configs/cgi.cfg.j2 dest=/etc/nagios/cgi.cfg mode=0644 owner=root group=root
tags:
- nagios_server
- nagios_config
notify: restart nagios
- name: Override config.inc.php for the given environment
template: src=nagios/config.inc.php.j2 dest=/usr/share/nagios/html/config.inc.php mode=0640 owner=root group=apache
tags:
- nagios_server
- nagios_config
notify: restart nagios
- name: Template over plugins
template: src=nagios/plugins/{{item}}.j2 dest=/usr/lib64/nagios/plugins/{{item}} mode=0755 owner=root group=root
with_items:
- check_koji
tags:
- nagios_server
- name: Template over commands
template: src=nagios/commands/{{item}}.j2 dest=/etc/nagios/commands/{{item}} mode=0644 owner=root group=root
with_items:
- postgres.cfg
tags:
- nagios_server
- nagios_config
notify: restart nagios
- name: Template over services (internal)
template: src=nagios/services/{{item}}.j2 dest=/etc/nagios/services/{{item}} mode=0644 owner=root group=root
with_items:
- ipa.cfg
- mirrorlist-proxies.cfg
when: env == "production" and nagios_location == 'iad2_internal'
tags:
- nagios_server
- nagios_config
notify: restart nagios
- name: Template over services (both)
template: src=nagios/services/{{item}}.j2 dest=/etc/nagios/services/{{item}} mode=0644 owner=root group=root
with_items:
- websites.cfg
when: env == "production"
tags:
- nagios_server
- nagios_config
- websites
notify: restart nagios
- name: Build out nagios host templates (production)
template: src=nagios/hosts/{{item}}.j2 dest=/etc/nagios/hosts/{{item}} mode=0644 owner=root group=root
with_items:
- dedicatedsolutions-hosts.cfg
- host1plus-hosts.cfg
- gateway-hosts.cfg
- ibiblio-hosts.cfg
- internetx-hosts.cfg
- osuosl-hosts.cfg
- other.cfg
- rdu-cc-hosts.cfg
- rdu-hosts.cfg
- iad2-external.cfg
- aws-hosts.cfg
when: env == "production"
tags:
- nagios_server
- nagios_config
- nagios_hosts
notify: restart nagios
## These are only available to the internal server
- name: Build out nagios host templates (production)
template: src=nagios/hosts/{{item}}.j2 dest=/etc/nagios/hosts/{{item}} mode=0644 owner=root group=root
with_items:
- iad2-hosts.cfg
- iad2-mgmt-hosts.cfg
- staging-hosts.cfg
when: env == "production" and nagios_location == 'iad2_internal'
tags:
- nagios_server
- nagios_config
- nagios_hosts
notify: restart nagios
## These are only available to the internal server
- name: Build out nagios host templates (production)
template: src=nagios/hosts/{{item}}.j2 dest=/etc/nagios/hosts/{{item}} mode=0644 owner=root group=root
with_items:
- iad2-hosts.cfg
when: env == "production" and nagios_location == 'iad2_internal'
tags:
- nagios_server
- nagios_config
- nagios_hosts
notify: restart nagios
- name: Build out nagios host templates (production)
template: src=nagios/hosts/{{item}}.j2 dest=/etc/nagios/hosts/{{item}} mode=0644 owner=root group=root
with_items:
- iad2-external.cfg
- ibiblio-hosts-ipv6.cfg
when: env == "production" and nagios_location == "external"
tags:
- nagios_server
- nagios_config
notify: restart nagios
- name: Build out nagios hostgroup templates (iad2)
template: src=nagios/hostgroups/{{item}}.j2 dest=/etc/nagios/hostgroups/{{item}} mode=0644 owner=root group=root
with_items:
- all.cfg
- vpnclients.cfg
- nomail.cfg
- checkswap.cfg
- checkraid.cfg
- other.cfg
when: nagios_location == 'iad2_internal'
tags:
- nagios_server
- nagios_config
- nagios_hostgroups
notify: restart nagios
- name: Build out nagios hostgroup templates (external)
template: src=nagios/hostgroups/{{item}}.j2 dest=/etc/nagios/hostgroups/{{item}} mode=0644 owner=root group=root
with_items:
- all-external.cfg
when: nagios_location == "external"
tags:
- nagios_server
- nagios_config
- nagios_hostgroups
notify: restart nagios
- name: Build out nagios services templates
template: src=nagios/services/{{item}}.j2 dest=/etc/nagios/services/{{item}} mode=0644 owner=root group=root
with_items:
- iad2-mgmt.cfg
when: nagios_location == 'iad2_internal'
tags:
- nagios_server
- nagios_config
- nagios_services
notify: restart nagios
## Copy over the servicedeps
## Setup the cron jobs
- name: Install check_nagios_notifications cron
cron: name="check_nagios_notifications" minute=0 hour=0 weekday=1 user=nagios job="/usr/local/bin/check_nagios_notifications.py"
tags:
- nagios_server
## Handle selinux annoyances - roughly copied from fedmsg role
- name: Ensure a directory exists for our custom selinux module
file: dest=/usr/local/share/nagios-policy state=directory
tags:
- nagios_server
- name: Copy over our custom selinux module
copy: src=selinux/nagios_hostname.pp dest=/usr/local/share/nagios-policy/nagios_hostname.pp
register: selinux_module
tags:
- nagios_server
- name: Install our custom selinux module
command: semodule -i /usr/local/share/nagios-policy/nagios_hostname.pp
when: selinux_module is changed
tags:
- nagios_server
- name: Copy over our custom selinux module
copy: src=selinux/nagios_nrpe.pp dest=/usr/local/share/nagios-policy/nagios_nrpe.pp
register: selinux_module2
tags:
- nagios_server
- name: Install our custom selinux module
command: semodule -i /usr/local/share/nagios-policy/nagios_nrpe.pp
when: selinux_module2 is changed
tags:
- nagios_server
Reference in a new issue View git blame Copy permalink