Diffstat (limited to 'roles/nagios_server/tasks')
-rw-r--r--roles/nagios_server/tasks/freeipa.yml42
-rw-r--r--roles/nagios_server/tasks/main.yml90
-rw-r--r--roles/nagios_server/tasks/objects.yml32
3 files changed, 164 insertions, 0 deletions
diff --git a/roles/nagios_server/tasks/freeipa.yml b/roles/nagios_server/tasks/freeipa.yml
new file mode 100644
index 0000000..59ab7b3
--- /dev/null
+++ b/roles/nagios_server/tasks/freeipa.yml
@@ -0,0 +1,42 @@
+- name: create HBAC service
+ ipahbacsvc:
+ ipaadmin_principal: '{{ ipa_user }}'
+ ipaadmin_password: '{{ ipa_pass }}'
+ name: '{{ nagios_hbac_service }}'
+ description: nagios web interface
+ state: present
+ run_once: yes
+
+- name: create nagios servers hostgroup
+ ipahostgroup:
+ ipaadmin_principal: '{{ ipa_user }}'
+ ipaadmin_password: '{{ ipa_pass }}'
+ name: '{{ nagios_hbac_hostgroup }}'
+ description: Nagios Servers
+ host: "{{ groups[nagios_hbac_hostgroup] | map('regex_replace', '$', '.' ~ ansible_domain) }}"
+ state: present
+ run_once: yes
+
+- name: create access group
+ ipagroup:
+ ipaadmin_principal: '{{ ipa_user }}'
+ ipaadmin_password: '{{ ipa_pass }}'
+ name: '{{ nagios_access_group }}'
+ description: nagios Administrators
+ nonposix: yes
+ state: present
+ run_once: yes
+
+- name: create HBAC rule
+ ipahbacrule:
+ ipaadmin_principal: '{{ ipa_user }}'
+ ipaadmin_password: '{{ ipa_pass }}'
+ name: allow_nagios_users_on_nagios_servers
+ description: Allow nagios admins on nagios servers
+ hostgroup:
+ - '{{ nagios_hbac_hostgroup }}'
+ group:
+ - '{{ nagios_access_group }}'
+ hbacsvc:
+ - '{{ nagios_hbac_service }}'
+ run_once: yes
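Review bot: The `host:` expression in `create nagios servers hostgroup` appends the `ansible_domain` of whichever host executes this `run_once` task to every name in `groups[nagios_hbac_hostgroup]`, so the membership comes out wrong if inventory names are already fully qualified or the servers sit in more than one DNS domain. The HBAC rule at the end of the file grants access by this hostgroup, so the assumption is worth stating next to the expression, for example `# inventory names are short hostnames in one domain; FQDN = name + ansible_domain`. The `create HBAC rule` task also omits `state: present`, which the other three tasks set explicitly; it presumably relies on the module default, and adding the line would keep the file consistent.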
diff --git a/roles/nagios_server/tasks/main.yml b/roles/nagios_server/tasks/main.yml
new file mode 100644
index 0000000..db8ebf6
--- /dev/null
+++ b/roles/nagios_server/tasks/main.yml
@@ -0,0 +1,90 @@
+- name: install packages
+ dnf:
+ name: '{{ nagios_packages }}'
+ state: present
+
+- name: generate nagios configuration
+ template:
+ src: '{{ item[1:] }}.j2'
+ dest: '{{ item }}'
+ loop:
+ - /etc/nagios/cgi.cfg
+ - /etc/nagios/nagios.cfg
+ - /usr/share/nagios/html/config.inc.php
+ notify: restart nagios
+
+- name: remove default nagios config files
+ copy:
+ content: |
+ # This file intentionally empty to avoid being clobbered on package updates.
+ dest: /etc/nagios/objects/{{ item }}
+ loop:
+ - printer.cfg
+ - switch.cfg
+ - windows.cfg
+ - localhost.cfg
+ notify: reload nagios
+
+- name: clone manubulon repo
+ git:
+ repo: '{{ nagios_manubulon_repo }}'
+ dest: '{{ nagios_manubulon_install_dir }}'
+ version: '{{ nagios_manubulon_version }}'
+ force: yes
+ update: yes
+ register: nagios_manubulon_git
+
+- name: install manubulon plugins
+ shell: install -o root -g root -m755 {{ nagios_manubulon_install_dir }}/plugins/*.pl {{ nagios_plugin_dir }}/
+ when: nagios_manubulon_git.changed
+
+- import_tasks: objects.yml
+ tags: nagios_config
+
+- name: download thirdparty plugins
+ get_url:
+ url: '{{ item.url }}'
+ dest: '{{ nagios_plugin_dir }}/{{ item.name }}'
+ mode: 0555
+ loop: '{{ nagios_thirdparty_plugins | dict2items(key_name="name", value_name="url") }}'
+ tags: nagios_config
+
+- name: download thirdparty MIBs
+ get_url:
+ url: '{{ item.url }}'
+ dest: '{{ nagios_mib_dir }}/MIB-{{ item.name | upper }}.txt'
+ loop: '{{ nagios_thirdparty_mibs | dict2items(key_name="name", value_name="url") }}'
+
+- name: create nagios ssh directory
+ file:
+ path: '{{ nagios_home }}/.ssh'
+ owner: nagios
+ group: nagios
+ mode: 0700
+ state: directory
+
+- name: copy nagios ssh key
+ copy:
+ content: '{{ nagios_ssh_privkey }}'
+ dest: "{{ nagios_home }}/.ssh/id_{{ nagios_ssh_pubkey | regex_replace('^ssh-(\\w+).*', '\\1') }}"
+ owner: nagios
+ group: nagios
+ mode: 0600
+
+- import_tasks: freeipa.yml
+
+- name: create SELinux policy for php-fpm to access nagios contexts
+ include_role:
+ name: selinux_policy
+ apply:
+ tags: selinux
+ vars:
+ selinux_policy_name: php_nagios
+ selinux_policy_te: '{{ nagios_selinux_policy_te }}'
+ tags: selinux
+
+- name: enable nagios
+ systemd:
+ name: nagios
+ enabled: yes
+ state: started
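Review bot: `download thirdparty plugins` fetches executables from `item.url` into `{{ nagios_plugin_dir }}` with mode 0555 and nothing verifies the content; `get_url` accepts `checksum: 'sha256:<digest>'`, which would require `nagios_thirdparty_plugins` (defined outside this diff) to carry a digest per entry instead of a bare name-to-URL map. The same gap applies to `download thirdparty MIBs`, and the manubulon scripts installed root-owned are only as fixed as `nagios_manubulon_version`, so a commit hash is safer than a branch name there. Separately, `copy nagios ssh key` passes `nagios_ssh_privkey` through `content:` without `no_log: true`, so the key can show up in `--diff` or verbose output; `generate nagios resource file` in objects.yml may want the same treatment if its template holds credentials.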
diff --git a/roles/nagios_server/tasks/objects.yml b/roles/nagios_server/tasks/objects.yml
new file mode 100644
index 0000000..e216e71
--- /dev/null
+++ b/roles/nagios_server/tasks/objects.yml
@@ -0,0 +1,32 @@
+- name: generate nagios objects
+ template:
+ src: '{{ item.src }}'
+ dest: /etc/nagios/objects/{{ item.path | splitext | first }}
+ owner: root
+ group: nagios
+ mode: 0640
+ lstrip_blocks: yes
+ loop: "{{ lookup('filetree', '../templates/etc/nagios/objects', wantlist=True) }}"
+ when: item.state == 'file'
+ loop_control:
+ label: '{{ item.path }}'
+ notify: reload nagios
+
+- name: generate nagios resource file
+ template:
+ src: etc/nagios/private/resource.cfg.j2
+ dest: /etc/nagios/private/resource.cfg
+ owner: root
+ group: nagios
+ mode: 0640
+ notify: reload nagios
+
+- name: copy nagios plugins
+ copy:
+ src: '{{ item.src }}'
+ dest: '{{ nagios_plugin_dir }}/{{ item.path }}'
+ mode: 0555
+ loop: "{{ lookup('filetree', nagios_plugin_dir[1:], wantlist=True) }}"
+ loop_control:
+ label: '{{ item.path }}'
+ when: item.state == 'file'
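Review bot: `copy nagios plugins` sets only `mode: 0555`, so ownership of the installed executables is left to whatever the destination already has or to the connecting user, while both template tasks in this file pin `owner: root`; adding `owner: root` and `group: root` would make the plugin directory consistent. `generate nagios objects` skips filetree entries whose state is not `file`, so a subdirectory under `templates/etc/nagios/objects` would, as far as this hunk shows, have no task creating it under `/etc/nagios/objects` before the template writes into it. The `nagios_plugin_dir[1:]` lookup path appears to rely on the role's files directory mirroring the target filesystem and deserves a comment such as `# files/ mirrors the target tree; drop the leading slash to get the relative path`.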