Create an IPA service for monitoring and use it for check-ipa-free-ids

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2026-05-12 02:46:20 +08:00 · 2025-07-10 11:46:05 +02:00
parent 5d1c0427c9
commit 0c6153cebe
2 changed files with 20 additions and 2 deletions
--- a/roles/ipa/server/tasks/scripts.yml
+++ b/roles/ipa/server/tasks/scripts.yml
@@ -105,10 +105,28 @@
    - config
    notify: Restart collectd

-  - name: Let collectd talk to the RabbitMQ management interface
+  - name: Let collectd talk to the REST API
    ansible.posix.seboolean:
      name: collectd_tcp_network_connect
      state: yes
      persistent: yes
    tags:
    - collectd
+
+
+#
+# Nagios monitoring
+#
+- name: Create the service for nagios monitoring
+  ansible.builtin.include_role:
+    name: "keytab/service" # noqa role-name[path]
+    apply:
+      tags:
+      - ipa/server
+      - config
+      - keytab
+  vars:
+    host: "{{ ipa_server }}" # noqa: var-naming[no-role-prefix]
+    service: monitoring # noqa: var-naming[no-role-prefix]
+    owner_user: nagios
+    owner_group: nagios
--- a/roles/nagios_client/templates/check_ipa.cfg.j2
+++ b/roles/nagios_client/templates/check_ipa.cfg.j2
@@ -1,2 +1,2 @@
 command[check_ipa_replication]={{ libdir }}/nagios/plugins/check_ipa_replication -u ldaps://localhost/
-command[check_ipa_free_ids]={{ libdir }}/nagios/plugins/check_ipa_free_ids.py -k /etc/krb5.stage-users_{{ ipa_server }}.keytab
+command[check_ipa_free_ids]={{ libdir }}/nagios/plugins/check_ipa_free_ids.py -k /etc/krb5.monitoring_{{ ipa_server }}.keytab