Mysql: store NRPE credentials in secure file
parent
cac6b2780d
commit
b9172350ff
|
@ -16,3 +16,5 @@ mysql_thread_cache_size: '{{ ansible_processor_cores }}'
|
||||||
mysql_innodb_buffer_pool_size: '{{ (ansible_memtotal_mb * 0.3) | int }}M'
|
mysql_innodb_buffer_pool_size: '{{ (ansible_memtotal_mb * 0.3) | int }}M'
|
||||||
|
|
||||||
mysql_cron_optimize: True
|
mysql_cron_optimize: True
|
||||||
|
|
||||||
|
mysql_force_new_nrpe_password: False
|
||||||
|
|
|
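Review bot: The new default `mysql_force_new_nrpe_password: False` at the end of this hunk has no comment, although its effect is security-relevant. In the tasks hunk it gates a block that regenerates the `nrpe` MySQL password with `update_password: always`. If it is left at True in an inventory, every run rotates the credential and rewrites `~nagios/.my.cnf`. I would add above it `# Set to True for a single run to regenerate the nrpe MySQL password and rewrite ~nagios/.my.cnf`.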
@ -4,39 +4,50 @@
|
||||||
stat:
|
stat:
|
||||||
path: /etc/nagios/nrpe.d/evolix.cfg
|
path: /etc/nagios/nrpe.d/evolix.cfg
|
||||||
check_mode: no
|
check_mode: no
|
||||||
|
|
||||||
register: nrpe_evolix_config
|
register: nrpe_evolix_config
|
||||||
tags:
|
tags:
|
||||||
- mysql
|
- mysql
|
||||||
- nrpe
|
- nrpe
|
||||||
|
|
||||||
|
- name: NRPE user exists for MySQL ?
|
||||||
|
stat:
|
||||||
|
path: ~nagios/.my.cnf
|
||||||
|
check_mode: no
|
||||||
|
register: nrpe_my_cnf
|
||||||
|
tags:
|
||||||
|
- mysql
|
||||||
|
- nrpe
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
- name: Create a password for NRPE
|
- name: Create a password for NRPE
|
||||||
shell: perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..16)'
|
shell: perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..16)'
|
||||||
register: mysql_nrpe_password
|
register: mysql_nrpe_password
|
||||||
changed_when: False
|
changed_when: False
|
||||||
|
|
||||||
- debug:
|
|
||||||
msg: "repl password: {{ mysql_nrpe_password.stdout }}"
|
|
||||||
|
|
||||||
- name: Create nrpe user
|
- name: Create nrpe user
|
||||||
mysql_user:
|
mysql_user:
|
||||||
name: nrpe
|
name: nrpe
|
||||||
password: '{{ mysql_nrpe_password.stdout }}'
|
password: '{{ mysql_nrpe_password.stdout }}'
|
||||||
config_file: /root/.my.cnf
|
config_file: /root/.my.cnf
|
||||||
update_password: on_create
|
update_password: always
|
||||||
state: present
|
state: present
|
||||||
register: create_nrpe_user
|
register: create_nrpe_user
|
||||||
|
|
||||||
- name: config check_mysql to use the new password
|
- name: Store credentials in nagios home
|
||||||
replace:
|
ini_file:
|
||||||
dest: /etc/nagios/nrpe.d/evolix.cfg
|
dest: "~nagios/.my.cnf"
|
||||||
regexp: '\bMYSQL_PASSWD\b'
|
owner: nagios
|
||||||
replace: '{{ mysql_nrpe_password.stdout }}'
|
group: nagios
|
||||||
notify: restart nagios-nrpe-server
|
mode: "0600"
|
||||||
|
section: client
|
||||||
|
option: '{{ item.option }}'
|
||||||
|
value: '{{ item.value }}'
|
||||||
|
with_items:
|
||||||
|
- { option: 'user', value: 'nrpe' }
|
||||||
|
- { option: 'password', value: '{{ mysql_nrpe_password.stdout }}' }
|
||||||
when: create_nrpe_user.changed
|
when: create_nrpe_user.changed
|
||||||
|
|
||||||
when: nrpe_evolix_config.stat.exists
|
when: nrpe_evolix_config.stat.exists and (not nrpe_my_cnf.stat.exists or mysql_force_new_nrpe_password)
|
||||||
tags:
|
tags:
|
||||||
- mysql
|
- mysql
|
||||||
- nrpe
|
- nrpe
|
||||||
|
|
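Review bot: The new `Store credentials in nagios home` task still exposes the password, because its `with_items` list carries `{{ mysql_nrpe_password.stdout }}` and Ansible prints each loop item in the task output. The secret that this commit moves into a 0600 file, after removing the `debug` task, therefore still lands in run logs. Add `no_log: true` to that task and to `Create a password for NRPE`, whose registered stdout is shown at higher verbosity. Separately, the unchanged generator line uses Perl's `rand()`, which is not a cryptographic source. With `update_password: always` the generated value becomes the live credential on every forced rotation, so drawing it from a CSPRNG-backed source such as `/dev/urandom` would be a worthwhile follow-up.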