WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-05-03 08:20:45 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
04dcafe578f9cd6d98ad525529341b35f424ad4e
fedora-infra_ansible/roles/nagios_client/tasks/main.yml
Michal Konecny d5f83a7272 [nagios] Use server checks on noc01 
Just move datanommer check to server plugins, so it's the same as before.
2025-07-31 10:26:01 +02:00

425 lines
10 KiB
YAML
Raw Blame History

# nagios-client/nrpe
---
- name: Add nrpe user with deterministic UID before nrpe.rpm creates it
ansible.builtin.user:
# Defaults taken from nrpe.spec
name: nrpe
uid: "{{ nrpe_client_uid | default(omit) }}"
comment: NRPE user for the NRPE service
home: /var/run/nrpe
shell: /sbin/nologin
system: true
# See: https://github.com/ansible/ansible/issues/76376
# libuser and lgroupmod isn't installed on wiki01/wiki02 currently.
# local: true
tags:
- nagios_client
# install pkgs:
- name: Install nagios client pkgs
ansible.builtin.package:
name: "{{ item }}"
state: present
with_items:
- nrpe
- nagios-plugins
- nagios-plugins-disk
- nagios-plugins-file_age
- nagios-plugins-users
- nagios-plugins-procs
- nagios-plugins-swap
- nagios-plugins-load
- nagios-plugins-ping
- nagios-plugins-http
tags:
- packages
- nagios_client
- name: Install datanommer check packages
ansible.builtin.package:
name: "{{ item }}"
state: present
with_items:
- python3-datanommer-commands
when: inventory_hostname.startswith('noc01')
tags:
- packages
- nagios_client
- name: Install nagios tcp check for mirrorlist proxies
ansible.builtin.package:
name: nagios-plugins-tcp
state: present
tags:
- packages
- nagios_client
when: "'mailman' in group_names or 'mirrorlist_proxies' in group_names"
- name: Install local nrpe check scripts that are not packaged
ansible.builtin.copy:
src: "scripts/{{ item }}"
dest: "{{ libdir }}/nagios/plugins/{{ item }}"
mode: "0755"
owner: nagios
group: nagios
with_items:
- check_haproxy_conns.py
- check_postfix_queue
- check_postfix_queue.py
- check_raid.py
- check_lock
- check_fcomm_queue
- check_rabbitmq_size
- check_datanommer_timesince.py
- check_memcache_connect
- check_readonly_fs
- check_lock_file_age
- check_testcloud
- check_ipa_replication
- check_ipa_free_ids.py
- check_redis_queue.sh
- check_timestamp_from_file
- check_crl_next_update
when: not inventory_hostname.startswith('noc0')
tags:
- nagios_client
- name: Install nrpe check for systemd unit
ansible.builtin.copy:
src: "scripts/{{ item }}"
dest: "{{ libdir }}/nagios/plugins/{{ item }}"
mode: "0775"
owner: nagios
group: nagios
with_items:
- check_systemd_units
when: inventory_hostname.startswith('pagure')
tags:
- nagios_client
# create dirs
# puppet used to make /var/spool/nagios (owned by nagios.nagios) mode 750
# and /usr/lib/nagios/plugins (owned by root) mode 755 - but we don't know WHY
# then stuff it with plugins from the plugins dir in the nagios module
# then we symlinked that to /usr/lib64/nagios/plugins
# it was a nightmare - don't do that - my ghost will haunt you if you do
# skvidal 2013-05-21
# Three tasks for handling our custom selinux module
- name: Ensure a directory exists for our custom selinux module
ansible.builtin.file:
dest: /usr/share/nrpe
state: directory
mode: "0775"
tags:
- config
- nagios_client
- name: Copy over our custom selinux module
ansible.builtin.copy:
src: selinux/fi-nrpe.pp
dest: /usr/share/nrpe/fi-nrpe.pp
mode: "0664"
register: selinux_module
tags:
- config
- nagios_client
- selinux
- name: Install our custom selinux module
ansible.builtin.command: semodule -i /usr/share/nrpe/fi-nrpe.pp
when: ansible_distribution_major_version|int == 7 and ansible_distribution == 'RedHat' and selinux_module is changed
changed_when: true
tags:
- config
- nagios_client
- selinux
- name: Copy over our custom selinux module for mirrorlist
ansible.builtin.copy:
src: selinux/fi-nrpe.pp
dest: /usr/share/nrpe/mirrormanager_container.pp
mode: "0664"
register: selinux_module_mirrorlist
when: "'proxy' in inventory_hostname"
tags:
- config
- nagios_client
- selinux
- name: Install our custom selinux module for mirrorlist
ansible.builtin.command: semodule -i /usr/share/nrpe/mirrormanager_container.pp
when: "'proxy' in inventory_hostname and selinux_module is changed"
changed_when: true
tags:
- config
- nagios_client
- selinux
# Set up our base config.
- name: /etc/nagios/nrpe.cfg
ansible.builtin.template:
src: nrpe.cfg.j2
dest: /etc/nagios/nrpe.cfg
mode: "0664"
when: not inventory_hostname.startswith('noc0')
notify:
- Restart nrpe
tags:
- config
- nagios_client
#
# The actual items files here end in .j2 (they are templates)
# So when adding or modifying them change the .j2 version in git.
#
- name: Install nrpe client configs
ansible.builtin.template:
src: "{{ item }}.j2"
dest: "/etc/nrpe.d/{{ item }}"
owner: root
group: root
mode: "0644"
with_items:
- check_raid.cfg
- check_ipa.cfg
- check_readonly_fs.cfg
- check_cron.cfg
- check_disk.cfg
- check_swap.cfg
- check_postfix_queue.cfg
- check_postfix_redhat.cfg
- check_lock.cfg
- check_redis_proc.cfg
- check_datanommer_history.cfg
- check_memcache.cfg
- check_lock_file_age.cfg
- check_fmn.cfg
- check_testcloud.cfg
- check_mirrorlist_docker_proxy.cfg
- check_mirrorlist_cache.cfg
- check_celery_redis_queue.cfg
- check_proxies.cfg
- check_countme.cfg
notify:
- Restart nrpe
tags:
- config
- nagios_client
#
# The actual items files here end in .j2 (they are templates)
# So when adding or modifying them change the .j2 version in git.
#
- name: Install nrpe openvpn check config
ansible.builtin.template:
src: check_openvpn_link.cfg.j2
dest: /etc/nrpe.d/check_openvpn_link.cfg
owner: root
group: root
mode: "0644"
when: vpn
notify:
- Restart nrpe
tags:
- nagios_client
#
# The actual items files here end in .j2 (they are templates)
# So when adding or modifying them change the .j2 version in git.
#
- name: Install nrpe merged log check script on log01
ansible.builtin.template:
src: check_merged_file_age.cfg.j2
dest: /etc/nrpe.d/check_merged_file_age.cfg
owner: root
group: root
mode: "0644"
when: inventory_hostname.startswith('log0')
notify:
- Restart nrpe
tags:
- nagios_client
#
# The actual items files here end in .j2 (they are templates)
# So when adding or modifying them change the .j2 version in git.
#
- name: Install nrpe check_mysql config for mariadb servers
ansible.builtin.template:
src: check_mysql.cfg.j2
dest: /etc/nrpe.d/check_mysql.cfg
owner: root
group: root
mode: "0644"
when: inventory_hostname.startswith('db03')
notify:
- Restart nrpe
tags:
- nagios_client
- name: Install nrpe checks for mailman01
ansible.builtin.template:
src: "{{ item }}.j2"
dest: "/etc/nrpe.d/{{ item }}"
owner: root
group: root
mode: "0644"
with_items:
- check_mailman_api.cfg
when: inventory_hostname.startswith('mailman01')
notify:
- Restart nrpe
tags:
- nagios_client
- name: Install nrpe checks for proxies
ansible.builtin.template:
src: "{{ item }}.j2"
dest: "/etc/nrpe.d/{{ item }}"
owner: root
group: root
mode: "0644"
with_items:
- check_happroxy_conns.cfg
- check_varnish_proc.cfg
when: inventory_hostname.startswith('proxy')
notify:
- Restart nrpe
tags:
- nagios_client
- name: Install nrpe checks for sigul_bridge
ansible.builtin.template:
src: "{{ item }}.j2"
dest: "/etc/nrpe.d/{{ item }}"
owner: root
group: root
mode: "0644"
with_items:
- check_sigul_bridge_proc.cfg
when: inventory_hostname.startswith('sign-bridge')
notify:
- Restart nrpe
tags:
- nagios_client
- name: Install nrpe checks for sundries/websites
ansible.builtin.template:
src: "{{ item }}.j2"
dest: "/etc/nrpe.d/{{ item }}"
owner: root
group: root
mode: "0644"
with_items:
- check_websites_buildtime.cfg
when: inventory_hostname.startswith('sundries')
notify:
- Restart nrpe
tags:
- nagios_client
- name: Install CRL check for bastions
when: inventory_hostname.startswith('bastion') and datacenter == 'rdu3'
tags:
- nagios_client
block:
- name: Install the nrpe template
ansible.builtin.template:
src: check_crl_next_update.cfg.j2
dest: /etc/nrpe.d/check_crl_next_update.cfg
owner: root
group: root
mode: "0644"
notify:
- Restart nrpe
- name: Set facls so nrpe can check the crl (dir)
ansible.posix.acl:
default: no
etype: user
entity: nrpe
permissions: "rx"
name: /etc/openvpn/server
state: present
- name: Set facls so nrpe can check the crl (file)
ansible.posix.acl:
default: no
etype: user
entity: nrpe
permissions: "r"
name: /etc/openvpn/server/crl.pem
state: present
- name: Install nrpe config for the RabbitMQ checks
ansible.builtin.template:
src: "rabbitmq_args.ini.j2"
dest: "/etc/nrpe.d/rabbitmq_args.ini"
owner: root
group: nrpe
mode: "0640"
when: inventory_hostname.startswith('rabbitmq')
tags:
- nagios_client
- name: Install nrpe checks for the RabbitMQ cluster
ansible.builtin.template:
src: "{{ item }}.j2"
dest: "/etc/nrpe.d/{{ item }}"
owner: root
group: root
mode: "0644"
with_items:
- check_rabbitmq_server.cfg
- check_rabbitmq_watermark.cfg
- check_rabbitmq_cluster.cfg
- check_rabbitmq_connections.cfg
- check_rabbitmq_overview.cfg
- check_rabbitmq_exchange.cfg
- check_rabbitmq_queue.cfg
when: inventory_hostname.startswith('rabbitmq')
notify:
- Restart nrpe
tags:
- nagios_client
- name: Nrpe service start
ansible.builtin.service:
name: nrpe
state: started
enabled: true
tags:
- service
- nagios_client
- name: Install nrpe check for rsyslogd
ansible.builtin.template:
src: "{{ item }}.j2"
dest: "/etc/nrpe.d/{{ item }}"
owner: root
group: root
mode: "0644"
with_items:
- check_rsyslogd_proc.cfg
notify:
- Restart nrpe
tags:
- nagios_client
- name: Install nrpe check for systemd units
ansible.builtin.template:
src: "{{ item }}.j2"
dest: "/etc/nrpe.d/{{ item }}"
owner: root
group: root
mode: "0644"
with_items:
- check_systemd_units.cfg
when: inventory_hostname.startswith('pagure')
notify:
- Restart nrpe
tags:
- nagios_client
- pagure
Reference in New Issue View Git Blame Copy Permalink