---
# Record whether the monitoring-plugins configuration already exists on the
# host; the result is registered for the conditions of the tasks that follow.
- name: "Is /etc/nagios/monitoring-plugins.ini present ?"
  ansible.builtin.stat:
    path: '/etc/nagios/monitoring-plugins.ini'
  register: nagios_monitoring_plugins_path
  # Run the stat even under --check so the registered result is real.
  check_mode: false
# Tell the operator that a supplied password is ignored when the
# configuration file is already in place.
- name: 'Warning when nagios config is present and ldap_nagios_password is given'
  when:
    - ldap_nagios_password | length > 0
    - nagios_monitoring_plugins_path.stat.exists
  ansible.builtin.debug:
    msg: "WARNING: an LDAP nagios password is given, but a nagios config already exists. It will not be updated."
# Generate ldap password if none is given and nagios config is absent
# apg is installed under the same two conditions as the generation task
# that follows.
- name: apg package is installed
  when:
    - ldap_nagios_password | length == 0
    - not nagios_monitoring_plugins_path.stat.exists
  ansible.builtin.apt:
    name: 'apg'
    state: present
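# Generate one password with apg and register the command result.
# NOTE(review): the task name says cn=admin, but the result is registered as
# new_ldap_nagios_password; the name looks like a copy/paste leftover.
# NOTE(review): apg uses its pronounceable generator unless told otherwise;
# `-a 1` selects random characters. Confirm which one is wanted here.
- name: create a password for cn=admin
  ansible.builtin.command:
    cmd: "apg -n 1 -m 16 -M lcN"
  register: new_ldap_nagios_password
  changed_when: false
  # stdout is the clear-text password: keep the task result out of verbose
  # output, callbacks and logs. The registered variable is unaffected.
  no_log: true
  when:
    - ldap_nagios_password | length == 0
    - not nagios_monitoring_plugins_path.stat.exists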
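# Use the generated password or the one found in the file
# This task covers the generated case: it copies apg's stdout into
# ldap_nagios_password when none was supplied and no config file exists.
- name: overwrite ldap_nagios_password (from apg)
  ansible.builtin.set_fact:
    ldap_nagios_password: "{{ new_ldap_nagios_password.stdout }}"
  # set_fact echoes the new fact in its result; do not print the password.
  no_log: true
  when:
    - ldap_nagios_password | length == 0
    - not nagios_monitoring_plugins_path.stat.exists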
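# Write the [check_ldap] section of monitoring-plugins.ini, one option per
# loop item, only when the file did not exist at the start of the run.
# The file is root:nagios 0640 because it stores the LDAP bind password.
- name: set params for NRPE check
  community.general.ini_file:
    path: /etc/nagios/monitoring-plugins.ini
    owner: root
    group: nagios
    section: check_ldap
    option: "{{ item.option }}"
    value: "{{ item.value }}"
    mode: "0640"
  loop:
    - option: 'hostname'
      value: '127.0.0.1'
    - option: 'base'
      value: "{{ ldap_suffix }}"
    - option: 'bind'
      value: "cn=nagios,ou=ldapusers,{{ ldap_suffix }}"
    - option: 'pass'
      value: "{{ ldap_nagios_password }}"
  # Each loop item is printed with the task result, and one item carries the
  # clear-text password, so the whole result is censored.
  no_log: true
  when: not nagios_monitoring_plugins_path.stat.exists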
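# Read ldap password when none is given and nagios config is present
# We can't parse a remote file, so we have to fetch it first.
# These tasks carry no `when:`, so the value read from the file always
# replaces ldap_nagios_password.
#
# The file holds the LDAP bind password. The controller-side copy therefore
# goes into a private temporary directory instead of a predictable path
# under /tmp, and it is removed again once the value has been read.
- name: Read the LDAP nagios password back from monitoring-plugins.ini
  block:
    - name: Create a private directory on the controller
      ansible.builtin.tempfile:
        state: directory
      delegate_to: localhost
      become: false
      check_mode: false
      changed_when: false
      register: nagios_monitoring_plugins_fetch_dir

    - name: Fetch /etc/nagios/monitoring-plugins.ini
      ansible.builtin.fetch:
        src: /etc/nagios/monitoring-plugins.ini
        dest: "{{ nagios_monitoring_plugins_fetch_dir.path }}/"
        flat: true

    # Then we can parse it with the 'ini' lookup
    # and set the variable.
    # The path is built with `~` rather than a nested {{ }} inside the
    # expression, which is not a supported way to template a string.
    - name: overwrite ldap_nagios_password (from file)
      ansible.builtin.set_fact:
        ldap_nagios_password: "{{ lookup('ini', 'pass section=check_ldap file=' ~ nagios_monitoring_plugins_fetch_dir.path ~ '/monitoring-plugins.ini') }}"
      # set_fact echoes the new fact in its result; do not print the password.
      no_log: true
  always:
    # Runs whether or not the tasks above succeeded, so no copy of the
    # password file is left behind on the controller.
    - name: Remove the fetched copy from the controller
      ansible.builtin.file:
        path: "{{ nagios_monitoring_plugins_fetch_dir.path }}"
        state: absent
      delegate_to: localhost
      become: false
      check_mode: false
      changed_when: false
      when: nagios_monitoring_plugins_fetch_dir.path is defined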
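# Hash ldap_nagios_password with slappasswd and register the result.
# The argv form passes the password as a single argument, so a value with
# spaces or quotes is not split or re-parsed.
# NOTE(review): the clear-text password is still an argument of the
# slappasswd process on the target while it runs; slappasswd can read the
# secret from a file with -T, which would avoid that. Confirm before changing.
- name: hash password for cn=nagios
  ansible.builtin.command:
    argv:
      - slappasswd
      - '-s'
      - "{{ ldap_nagios_password }}"
  register: ldap_nagios_password_ssha
  changed_when: false
  # The result records the command line, which contains the password.
  no_log: true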