316 lines
9.2 KiB
YAML
316 lines
9.2 KiB
YAML
# nagios-client/nrpe
|
|
|
|
---
|
|
- name: Add nrpe user with deterministic UID before nrpe.rpm creates it
|
|
user:
|
|
# Defaults taken from nrpe.spec
|
|
name: nrpe
|
|
uid: "{{nrpe_client_uid|default(omit)}}"
|
|
comment: NRPE user for the NRPE service
|
|
home: /var/run/nrpe
|
|
shell: /sbin/nologin
|
|
system: true
|
|
# See: https://github.com/ansible/ansible/issues/76376
|
|
# libuser and lgroupmod isn't installed on wiki01/wiki02 currently.
|
|
# local: true
|
|
tags:
|
|
- nagios_client
|
|
|
|
# install pkgs:
|
|
- name: Install nagios client pkgs
|
|
ansible.builtin.package: name={{ item }} state=present
|
|
with_items:
|
|
- nrpe
|
|
- nagios-plugins
|
|
- nagios-plugins-disk
|
|
- nagios-plugins-file_age
|
|
- nagios-plugins-users
|
|
- nagios-plugins-procs
|
|
- nagios-plugins-swap
|
|
- nagios-plugins-load
|
|
- nagios-plugins-ping
|
|
tags:
|
|
- packages
|
|
- nagios_client
|
|
|
|
- name: Install nagios tcp check for mirrorlist proxies
|
|
ansible.builtin.package: name=nagios-plugins-tcp state=present
|
|
tags:
|
|
- packages
|
|
- nagios_client
|
|
when: "'mailman' in group_names or 'mirrorlist_proxies' in group_names"
|
|
|
|
- name: Install local nrpe check scripts that are not packaged
|
|
ansible.builtin.copy: src="scripts/{{ item }}" dest="{{ libdir }}/nagios/plugins/{{ item }}" mode=0755 owner=nagios group=nagios
|
|
with_items:
|
|
- check_haproxy_conns.py
|
|
- check_postfix_queue
|
|
- check_postfix_queue.py
|
|
- check_raid.py
|
|
- check_lock
|
|
- check_fcomm_queue
|
|
- check_rabbitmq_size
|
|
- check_datanommer_timesince.py
|
|
- check_memcache_connect
|
|
- check_readonly_fs
|
|
- check_lock_file_age
|
|
- check_testcloud
|
|
- check_ipa_replication
|
|
- check_redis_queue.sh
|
|
- check_timestamp_from_file
|
|
- check_crl_next_update
|
|
when: not inventory_hostname.startswith('noc0')
|
|
tags:
|
|
- nagios_client
|
|
|
|
- name: Install nrpe check for systemd unit
|
|
ansible.builtin.copy: src="scripts/{{ item }}" dest="{{ libdir }}/nagios/plugins/{{ item }}" mode=0775 owner=nagios group=nagios
|
|
with_items:
|
|
- check_systemd_units
|
|
when: inventory_hostname.startswith('pagure')
|
|
tags:
|
|
- nagios_client
|
|
|
|
# create dirs
|
|
# puppet used to make /var/spool/nagios (owned by nagios.nagios) mode 750
|
|
# and /usr/lib/nagios/plugins (owned by root) mode 755 - but we don't know WHY
|
|
# then stuff it with plugins from the plugins dir in the nagios module
|
|
# then we symlinked that to /usr/lib64/nagios/plugins
|
|
# it was a nightmare - don't do that - my ghost will haunt you if you do
|
|
# skvidal 2013-05-21
|
|
|
|
|
|
# Three tasks for handling our custom selinux module
|
|
- name: Ensure a directory exists for our custom selinux module
|
|
ansible.builtin.file: dest=/usr/share/nrpe state=directory
|
|
tags:
|
|
- config
|
|
- nagios_client
|
|
|
|
- name: Copy over our custom selinux module
|
|
ansible.builtin.copy: src=selinux/fi-nrpe.pp dest=/usr/share/nrpe/fi-nrpe.pp
|
|
register: selinux_module
|
|
tags:
|
|
- config
|
|
- nagios_client
|
|
- selinux
|
|
|
|
- name: Install our custom selinux module
|
|
ansible.builtin.command: semodule -i /usr/share/nrpe/fi-nrpe.pp
|
|
when: ansible_distribution_major_version|int == 7 and ansible_distribution == 'RedHat' and selinux_module is changed
|
|
tags:
|
|
- config
|
|
- nagios_client
|
|
- selinux
|
|
|
|
- name: Copy over our custom selinux module for mirrorlist
|
|
ansible.builtin.copy: src=selinux/fi-nrpe.pp dest=/usr/share/nrpe/mirrormanager_container.pp
|
|
register: selinux_module_mirrorlist
|
|
when: "'proxy' in inventory_hostname"
|
|
tags:
|
|
- config
|
|
- nagios_client
|
|
- selinux
|
|
|
|
- name: Install our custom selinux module for mirrorlist
|
|
ansible.builtin.command: semodule -i /usr/share/nrpe/mirrormanager_container.pp
|
|
when: "'proxy' in inventory_hostname and selinux_module is changed"
|
|
tags:
|
|
- config
|
|
- nagios_client
|
|
- selinux
|
|
|
|
# Set up our base config.
|
|
- name: /etc/nagios/nrpe.cfg
|
|
ansible.builtin.template: src=nrpe.cfg.j2 dest=/etc/nagios/nrpe.cfg
|
|
when: not inventory_hostname.startswith('noc0')
|
|
notify:
|
|
- Restart nrpe
|
|
tags:
|
|
- config
|
|
- nagios_client
|
|
|
|
#
|
|
# The actual items files here end in .j2 (they are templates)
|
|
# So when adding or modifying them change the .j2 version in git.
|
|
#
|
|
- name: Install nrpe client configs
|
|
ansible.builtin.template: src={{ item }}.j2 dest=/etc/nrpe.d/{{ item }} owner=root group=root mode=0644
|
|
with_items:
|
|
- check_raid.cfg
|
|
- check_ipa.cfg
|
|
- check_readonly_fs.cfg
|
|
- check_cron.cfg
|
|
- check_disk.cfg
|
|
- check_swap.cfg
|
|
- check_postfix_queue.cfg
|
|
- check_postfix_redhat.cfg
|
|
- check_lock.cfg
|
|
- check_redis_proc.cfg
|
|
- check_datanommer_history.cfg
|
|
- check_memcache.cfg
|
|
- check_lock_file_age.cfg
|
|
- check_basset.cfg
|
|
- check_fmn.cfg
|
|
- check_testcloud.cfg
|
|
- check_mirrorlist_docker_proxy.cfg
|
|
- check_mirrorlist_cache.cfg
|
|
- check_celery_redis_queue.cfg
|
|
- check_proxies.cfg
|
|
- check_countme.cfg
|
|
notify:
|
|
- Restart nrpe
|
|
tags:
|
|
- config
|
|
- nagios_client
|
|
|
|
#
|
|
# The actual items files here end in .j2 (they are templates)
|
|
# So when adding or modifying them change the .j2 version in git.
|
|
#
|
|
- name: Install nrpe openvpn check config
|
|
ansible.builtin.template: src=check_openvpn_link.cfg.j2 dest=/etc/nrpe.d/check_openvpn_link.cfg owner=root group=root mode=0644
|
|
when: vpn == true
|
|
notify:
|
|
- Restart nrpe
|
|
tags:
|
|
- nagios_client
|
|
#
|
|
# The actual items files here end in .j2 (they are templates)
|
|
# So when adding or modifying them change the .j2 version in git.
|
|
#
|
|
- name: Install nrpe merged log check script on log01
|
|
ansible.builtin.template: src=check_merged_file_age.cfg.j2 dest=/etc/nrpe.d/check_merged_file_age.cfg owner=root group=root mode=0644
|
|
when: inventory_hostname.startswith('log0')
|
|
notify:
|
|
- Restart nrpe
|
|
tags:
|
|
- nagios_client
|
|
#
|
|
# The actual items files here end in .j2 (they are templates)
|
|
# So when adding or modifying them change the .j2 version in git.
|
|
#
|
|
- name: Install nrpe check_mysql config for mariadb servers
|
|
ansible.builtin.template: src=check_mysql.cfg.j2 dest=/etc/nrpe.d/check_mysql.cfg owner=root group=root mode=0644
|
|
when: inventory_hostname.startswith('db03')
|
|
notify:
|
|
- Restart nrpe
|
|
tags:
|
|
- nagios_client
|
|
|
|
- name: Install nrpe checks for mailman01
|
|
ansible.builtin.template: src={{ item }}.j2 dest=/etc/nrpe.d/{{ item }} owner=root group=root mode=0644
|
|
with_items:
|
|
- check_mailman_api.cfg
|
|
when: inventory_hostname.startswith('mailman01')
|
|
notify:
|
|
- Restart nrpe
|
|
tags:
|
|
- nagios_client
|
|
|
|
- name: Install nrpe checks for proxies
|
|
ansible.builtin.template: src={{ item }}.j2 dest=/etc/nrpe.d/{{ item }} owner=root group=root mode=0644
|
|
with_items:
|
|
- check_happroxy_conns.cfg
|
|
- check_varnish_proc.cfg
|
|
when: inventory_hostname.startswith('proxy')
|
|
notify:
|
|
- Restart nrpe
|
|
tags:
|
|
- nagios_client
|
|
|
|
- name: Install nrpe checks for sigul_bridge
|
|
ansible.builtin.template: src={{ item }}.j2 dest=/etc/nrpe.d/{{ item }} owner=root group=root mode=0644
|
|
with_items:
|
|
- check_sigul_bridge_proc.cfg
|
|
when: inventory_hostname.startswith('sign-bridge')
|
|
notify:
|
|
- Restart nrpe
|
|
tags:
|
|
- nagios_client
|
|
|
|
- name: Install nrpe checks for sundries/websites
|
|
ansible.builtin.template: src={{ item }}.j2 dest=/etc/nrpe.d/{{ item }} owner=root group=root mode=0644
|
|
with_items:
|
|
- check_websites_buildtime.cfg
|
|
when: inventory_hostname.startswith('sundries')
|
|
notify:
|
|
- Restart nrpe
|
|
tags:
|
|
- nagios_client
|
|
|
|
- name: Install CRL check for bastions
|
|
when: inventory_hostname.startswith('bastion') and datacenter == 'iad2'
|
|
tags:
|
|
- nagios_client
|
|
block:
|
|
- name: Install the nrpe template
|
|
ansible.builtin.template: src=check_crl_next_update.cfg.j2 dest=/etc/nrpe.d/check_crl_next_update.cfg owner=root group=root mode=0644
|
|
notify:
|
|
- Restart nrpe
|
|
|
|
- name: Set facls so nrpe can check the crl (dir)
|
|
acl: default=no etype=user entity=nrpe permissions="rx" name=/etc/openvpn/server state=present
|
|
|
|
- name: Set facls so nrpe can check the crl (file)
|
|
acl: default=no etype=user entity=nrpe permissions="r" name=/etc/openvpn/server/crl.pem state=present
|
|
|
|
- name: Install nrpe config for the RabbitMQ checks
|
|
ansible.builtin.template:
|
|
src: "rabbitmq_args.ini.j2"
|
|
dest: "/etc/nrpe.d/rabbitmq_args.ini"
|
|
owner: root
|
|
group: nrpe
|
|
mode: "0640"
|
|
when: inventory_hostname.startswith('rabbitmq')
|
|
tags:
|
|
- nagios_client
|
|
|
|
- name: Install nrpe checks for the RabbitMQ cluster
|
|
ansible.builtin.template:
|
|
src: "{{ item }}.j2"
|
|
dest: "/etc/nrpe.d/{{ item }}"
|
|
owner: root
|
|
group: root
|
|
mode: "0644"
|
|
with_items:
|
|
- check_rabbitmq_server.cfg
|
|
- check_rabbitmq_watermark.cfg
|
|
- check_rabbitmq_cluster.cfg
|
|
- check_rabbitmq_connections.cfg
|
|
- check_rabbitmq_overview.cfg
|
|
- check_rabbitmq_exchange.cfg
|
|
- check_rabbitmq_queue.cfg
|
|
when: inventory_hostname.startswith('rabbitmq')
|
|
notify:
|
|
- Restart nrpe
|
|
tags:
|
|
- nagios_client
|
|
|
|
- name: Nrpe service start
|
|
service: name=nrpe state=started enabled=true
|
|
tags:
|
|
- service
|
|
- nagios_client
|
|
|
|
- name: Install nrpe check for rsyslogd
|
|
ansible.builtin.template:
|
|
src={{ item }}.j2 dest=/etc/nrpe.d/{{ item }} owner=root group=root mode=0644
|
|
with_items:
|
|
- check_rsyslogd_proc.cfg
|
|
notify:
|
|
- Restart nrpe
|
|
tags:
|
|
- nagios_client
|
|
|
|
- name: Install nrpe check for systemd units
|
|
ansible.builtin.template:
|
|
src={{ item }}.j2 dest=/etc/nrpe.d/{{ item }} owner=root group=root mode=0644
|
|
with_items:
|
|
- check_systemd_units.cfg
|
|
when: inventory_hostname.startswith('pagure')
|
|
notify:
|
|
- Restart nrpe
|
|
tags:
|
|
- nagios_client
|
|
- pagure
|