EvoBSD/roles/nagios-nrpe/tasks/main.yml

# yamllint disable rule:line-length
---
- name: "Install nrpe"
  community.general.openbsd_pkg:
    name:
      - nrpe--
    state: present
  tags:
    - nagios-nrpe

- name: "Install monitoring packages"
  community.general.openbsd_pkg:
    name:
      - monitoring-plugins
      - check_bioctl
    state: present
  tags:
    - nagios-nrpe

- name: "Create nrpe.d dir"
  ansible.builtin.file:
    path: /etc/nrpe.d
    state: directory
    owner: root
    group: wheel
    mode: "0755"
  tags:
    - nagios-nrpe

- name: "Include nrpe.d dir in nrpe.cfg"
  ansible.builtin.lineinfile:
    dest: /etc/nrpe.cfg
    line: 'include_dir=/etc/nrpe.d'
    create: true
  tags:
    - nagios-nrpe

- name: "Check if nrpe service exists, for usage in check_mode"
  stat: 
    path: /etc/rc.d/nrpe
  register: nrpe_exists

- name: "Custom configuration is present"
  ansible.builtin.blockinfile:
    block: "{{ lookup('template', 'evolix_bsd.cfg.j2') }}"
    path: /etc/nrpe.d/evolix.cfg
    marker: "## {mark} ANSIBLE MANAGED BLOCK : Custom NRPE configuration file from EvoBSD"
    create: true
    mode: "0644"
    insertbefore: BOF
  notify: restart nrpe
  tags:
    - nagios-nrpe

- name: "Fetch nrpe config content"
  ansible.builtin.command: 'grep "allowed_hosts=" /etc/nrpe.d/evolix.cfg'
  check_mode: false
  register: nrpe_config_content
  failed_when: false
  changed_when: false
  tags:
    - nagios-nrpe

- name: "Allow NRPE hosts - if no allowed_hosts configured"
  ansible.builtin.lineinfile:
    dest: /etc/nrpe.d/evolix.cfg
    insertbefore: BOF
    regex: "allowed_hosts={{ nagios_nrpe_allowed_hosts | join(',') }}"
    line: 'allowed_hosts={{ nagios_nrpe_allowed_hosts | join(",") }}'
    create: true
    mode: "0644"
  when: nrpe_config_content.rc != 0
  tags:
    - nagios-nrpe

- name: "Allow NRPE hosts - if allowed_hosts already configured : keep added IP"
  ansible.builtin.lineinfile:
    dest: /etc/nrpe.d/evolix.cfg
    backrefs: true
    insertbefore: BOF
    regex: "allowed_hosts={{ nagios_nrpe_allowed_hosts | join(',') }}(.*)*"
    line: 'allowed_hosts={{ nagios_nrpe_allowed_hosts | join(",") }}\1'
    create: true
    mode: "0644"
  when: nrpe_config_content.rc == 0
  tags:
    - nagios-nrpe

- name: "Allow NRPE hosts - add comment"
  ansible.builtin.lineinfile:
    dest: /etc/nrpe.d/evolix.cfg
    insertbefore: BOF
    line: "# Allowed IPs"
    create: true
    mode: "0644"
  tags:
    - nagios-nrpe

- name: "Create nrpe plugins dir"
  ansible.builtin.file:
    path: /usr/local/libexec/nagios/plugins/
    state: directory
    owner: root
    group: wheel
    mode: "0755"
  tags:
    - nagios-nrpe

- name: "Nagios plugins are installed"
  ansible.builtin.copy:
    src: plugins_bsd/{{ item.name }}
    dest: /usr/local/libexec/nagios/plugins/{{ item.name }}
    owner: root
    group: wheel
    mode: "0755"
    force: "{{ item.force }}"
  with_items:
    - {name: 'check_carp_if', force: true}
    - {name: 'check_connections_state.sh', force: false}
    - {name: 'check_ipsecctl.sh', force: false}
    - {name: 'check_ipsecctl_critiques.sh', force: false}
    - {name: 'check_openbgpd', force: true}
    - {name: 'check_openvpn', force: false}
    - {name: 'check_openvpn.pl', force: true}
    - {name: 'check_ospfd_simple', force: true}
    - {name: 'check_packetfilter.sh', force: true}
    - {name: 'check_pf_states', force: false}
    - {name: 'check_mailq.pl', force: true}
    - {name: 'check_dhcp_pool', force: false}
    - {name: 'check_dhcpd.sh', force: false}
    - {name: 'check_ipmi_sensor', force: true}
  notify: restart nrpe
  tags:
    - nagios-nrpe
    - nagios-nrpe-utils

- name: "Nagios plugins are installed - template"
  ansible.builtin.template:
    src: plugins_bsd/{{ item.name }}.j2
    dest: /usr/local/libexec/nagios/plugins/{{ item.name }}
    owner: root
    group: wheel
    mode: "0755"
    force: "{{ item.force }}"
  with_items:
    - {name: 'check_free_mem.sh', force: true}
  notify: restart nrpe
  tags:
    - nagios-nrpe
    - nagios-nrpe-utils

- name: "Starting and enabling nrpe"
  ansible.builtin.service:
    name: nrpe
    enabled: true
    state: started
  when: nrpe_exists.stat.exists
  tags:
    - nagios-nrpe
yamllint fix 2022-10-19 18:23:54 +02:00			`# yamllint disable rule:line-length`
Add initial project 2018-12-28 11:23:49 +01:00			`---`
Syntax : have all task name between quotes 2022-06-23 16:17:42 +02:00			`- name: "Install nrpe"`
use Fully Qualified Collection Name everywhere 2023-10-23 09:33:54 +02:00			`community.general.openbsd_pkg:`
Change in depreciated options Packages list and comparisons will have a new syntax with future ansible version 2020-04-21 11:35:45 +02:00			`name:`
			`- nrpe--`
Add initial project 2018-12-28 11:23:49 +01:00			`state: present`
update of tags for each tasks and ease the update of scripts 2022-06-23 18:35:39 +02:00			`tags:`
			`- nagios-nrpe`
Add initial project 2018-12-28 11:23:49 +01:00
Syntax : have all task name between quotes 2022-06-23 16:17:42 +02:00			`- name: "Install monitoring packages"`
use Fully Qualified Collection Name everywhere 2023-10-23 09:33:54 +02:00			`community.general.openbsd_pkg:`
Change in depreciated options Packages list and comparisons will have a new syntax with future ansible version 2020-04-21 11:35:45 +02:00			`name:`
			`- monitoring-plugins`
Add NRPE check bioctl for RAID devices and fix CHANGELOG and README syntax 2021-12-15 16:29:48 +01:00			`- check_bioctl`
Add initial project 2018-12-28 11:23:49 +01:00			`state: present`
update of tags for each tasks and ease the update of scripts 2022-06-23 18:35:39 +02:00			`tags:`
			`- nagios-nrpe`
Add initial project 2018-12-28 11:23:49 +01:00
Syntax : have all task name between quotes 2022-06-23 16:17:42 +02:00			`- name: "Create nrpe.d dir"`
use Fully Qualified Collection Name everywhere 2023-10-23 09:33:54 +02:00			`ansible.builtin.file:`
Add initial project 2018-12-28 11:23:49 +01:00			`path: /etc/nrpe.d`
			`state: directory`
			`owner: root`
			`group: wheel`
			`mode: "0755"`
update of tags for each tasks and ease the update of scripts 2022-06-23 18:35:39 +02:00			`tags:`
			`- nagios-nrpe`
Add initial project 2018-12-28 11:23:49 +01:00
Syntax : have all task name between quotes 2022-06-23 16:17:42 +02:00			`- name: "Include nrpe.d dir in nrpe.cfg"`
use Fully Qualified Collection Name everywhere 2023-10-23 09:33:54 +02:00			`ansible.builtin.lineinfile:`
Add initial project 2018-12-28 11:23:49 +01:00			`dest: /etc/nrpe.cfg`
			`line: 'include_dir=/etc/nrpe.d'`
accounts, etc-git, evocheck, nagios-nrpe: multiple changes to not fail when run in check mode 2023-11-09 17:08:13 +01:00			`create: true`
update of tags for each tasks and ease the update of scripts 2022-06-23 18:35:39 +02:00			`tags:`
			`- nagios-nrpe`
Add initial project 2018-12-28 11:23:49 +01:00
accounts, etc-git, evocheck, nagios-nrpe: multiple changes to not fail when run in check mode 2023-11-09 17:08:13 +01:00			`- name: "Check if nrpe service exists, for usage in check_mode"`
			`stat:`
			`path: /etc/rc.d/nrpe`
			`register: nrpe_exists`

Syntax : have all task name between quotes 2022-06-23 16:17:42 +02:00			`- name: "Custom configuration is present"`
use Fully Qualified Collection Name everywhere 2023-10-23 09:33:54 +02:00			`ansible.builtin.blockinfile:`
do not erase custom configuration of servers in nrpe.d/evolix.cfg, and do not use zzz_evolix.cfg anymore 2022-08-25 16:28:33 +02:00			`block: "{{ lookup('template', 'evolix_bsd.cfg.j2') }}"`
			`path: /etc/nrpe.d/evolix.cfg`
			`marker: "## {mark} ANSIBLE MANAGED BLOCK : Custom NRPE configuration file from EvoBSD"`
yamllint fix 2022-10-19 18:23:54 +02:00			`create: true`
Applying fix from yamllint and ansible-lint 2022-04-13 16:57:39 +02:00			`mode: "0644"`
do not erase custom configuration of servers in nrpe.d/evolix.cfg, and do not use zzz_evolix.cfg anymore 2022-08-25 16:28:33 +02:00			`insertbefore: BOF`
Add initial project 2018-12-28 11:23:49 +01:00			`notify: restart nrpe`
update of tags for each tasks and ease the update of scripts 2022-06-23 18:35:39 +02:00			`tags:`
			`- nagios-nrpe`
Add initial project 2018-12-28 11:23:49 +01:00
nagios-nrpe: fix allowed_hosts configuration: keep potential added IP, but we cannot use backrefs if the line does not exist yet 2023-03-15 17:00:36 +01:00			`- name: "Fetch nrpe config content"`
use Fully Qualified Collection Name everywhere 2023-10-23 09:33:54 +02:00			`ansible.builtin.command: 'grep "allowed_hosts=" /etc/nrpe.d/evolix.cfg'`
nagios-nrpe: fix allowed_hosts configuration: keep potential added IP, but we cannot use backrefs if the line does not exist yet 2023-03-15 17:00:36 +01:00			`check_mode: false`
			`register: nrpe_config_content`
			`failed_when: false`
			`changed_when: false`
			`tags:`
			`- nagios-nrpe`

			`- name: "Allow NRPE hosts - if no allowed_hosts configured"`
use Fully Qualified Collection Name everywhere 2023-10-23 09:33:54 +02:00			`ansible.builtin.lineinfile:`
do not erase custom configuration of servers in nrpe.d/evolix.cfg, and do not use zzz_evolix.cfg anymore 2022-08-25 16:28:33 +02:00			`dest: /etc/nrpe.d/evolix.cfg`
			`insertbefore: BOF`
nagios-nrpe: fix allowed_hosts configuration: keep potential added IP, but we cannot use backrefs if the line does not exist yet 2023-03-15 17:00:36 +01:00			`regex: "allowed_hosts={{ nagios_nrpe_allowed_hosts \| join(',') }}"`
			`line: 'allowed_hosts={{ nagios_nrpe_allowed_hosts \| join(",") }}'`
accounts, etc-git, evocheck, nagios-nrpe: multiple changes to not fail when run in check mode 2023-11-09 17:08:13 +01:00			`create: true`
			`mode: "0644"`
nagios-nrpe: fix allowed_hosts configuration: keep potential added IP, but we cannot use backrefs if the line does not exist yet 2023-03-15 17:00:36 +01:00			`when: nrpe_config_content.rc != 0`
			`tags:`
			`- nagios-nrpe`

			`- name: "Allow NRPE hosts - if allowed_hosts already configured : keep added IP"`
use Fully Qualified Collection Name everywhere 2023-10-23 09:33:54 +02:00			`ansible.builtin.lineinfile:`
nagios-nrpe: fix allowed_hosts configuration: keep potential added IP, but we cannot use backrefs if the line does not exist yet 2023-03-15 17:00:36 +01:00			`dest: /etc/nrpe.d/evolix.cfg`
yamllint fix 2022-10-19 18:23:54 +02:00			`backrefs: true`
nagios-nrpe: fix allowed_hosts configuration: keep potential added IP, but we cannot use backrefs if the line does not exist yet 2023-03-15 17:00:36 +01:00			`insertbefore: BOF`
			`regex: "allowed_hosts={{ nagios_nrpe_allowed_hosts \| join(',') }}(.)"`
do not erase custom configuration of servers in nrpe.d/evolix.cfg, and do not use zzz_evolix.cfg anymore 2022-08-25 16:28:33 +02:00			`line: 'allowed_hosts={{ nagios_nrpe_allowed_hosts \| join(",") }}\1'`
accounts, etc-git, evocheck, nagios-nrpe: multiple changes to not fail when run in check mode 2023-11-09 17:08:13 +01:00			`create: true`
			`mode: "0644"`
nagios-nrpe: fix allowed_hosts configuration: keep potential added IP, but we cannot use backrefs if the line does not exist yet 2023-03-15 17:00:36 +01:00			`when: nrpe_config_content.rc == 0`
do not erase custom configuration of servers in nrpe.d/evolix.cfg, and do not use zzz_evolix.cfg anymore 2022-08-25 16:28:33 +02:00			`tags:`
			`- nagios-nrpe`

			`- name: "Allow NRPE hosts - add comment"`
use Fully Qualified Collection Name everywhere 2023-10-23 09:33:54 +02:00			`ansible.builtin.lineinfile:`
do not erase custom configuration of servers in nrpe.d/evolix.cfg, and do not use zzz_evolix.cfg anymore 2022-08-25 16:28:33 +02:00			`dest: /etc/nrpe.d/evolix.cfg`
			`insertbefore: BOF`
			`line: "# Allowed IPs"`
accounts, etc-git, evocheck, nagios-nrpe: multiple changes to not fail when run in check mode 2023-11-09 17:08:13 +01:00			`create: true`
			`mode: "0644"`
do not erase custom configuration of servers in nrpe.d/evolix.cfg, and do not use zzz_evolix.cfg anymore 2022-08-25 16:28:33 +02:00			`tags:`
			`- nagios-nrpe`

Syntax : have all task name between quotes 2022-06-23 16:17:42 +02:00			`- name: "Create nrpe plugins dir"`
use Fully Qualified Collection Name everywhere 2023-10-23 09:33:54 +02:00			`ansible.builtin.file:`
NRPE plugins dir was not created 2020-10-14 16:35:17 +02:00			`path: /usr/local/libexec/nagios/plugins/`
			`state: directory`
			`owner: root`
			`group: wheel`
			`mode: "0755"`
update of tags for each tasks and ease the update of scripts 2022-06-23 18:35:39 +02:00			`tags:`
			`- nagios-nrpe`
NRPE plugins dir was not created 2020-10-14 16:35:17 +02:00
Syntax : have all task name between quotes 2022-06-23 16:17:42 +02:00			`- name: "Nagios plugins are installed"`
use Fully Qualified Collection Name everywhere 2023-10-23 09:33:54 +02:00			`ansible.builtin.copy:`
Force replacement of some NRPE checks We cannot simply put "force: true" because some checks are customizable, some are not. We do not force to replace customizable ones for the customizations not to be lost. 2020-07-09 15:44:25 +02:00			`src: plugins_bsd/{{ item.name }}`
			`dest: /usr/local/libexec/nagios/plugins/{{ item.name }}`
Add initial project 2018-12-28 11:23:49 +01:00			`owner: root`
			`group: wheel`
			`mode: "0755"`
Force replacement of some NRPE checks We cannot simply put "force: true" because some checks are customizable, some are not. We do not force to replace customizable ones for the customizations not to be lost. 2020-07-09 15:44:25 +02:00			`force: "{{ item.force }}"`
			`with_items:`
Correct yamllint : spaces inside braces 2020-07-09 16:09:19 +02:00			`- {name: 'check_carp_if', force: true}`
			`- {name: 'check_connections_state.sh', force: false}`
			`- {name: 'check_ipsecctl.sh', force: false}`
Add full ipsecctl check script Different ipsecctl checks are currently used one the servers with no convention, so I created one template with all that has to be checked. 2021-10-15 11:55:46 +02:00			`- {name: 'check_ipsecctl_critiques.sh', force: false}`
Correct yamllint : spaces inside braces 2020-07-09 16:09:19 +02:00			`- {name: 'check_openbgpd', force: true}`
			`- {name: 'check_openvpn', force: false}`
			`- {name: 'check_openvpn.pl', force: true}`
			`- {name: 'check_ospfd_simple', force: true}`
Fix NRPE check file name 2020-10-13 12:02:48 +02:00			`- {name: 'check_packetfilter.sh', force: true}`
The pf_states NRPE check does not contain any variable, it can be in files folder 2020-10-14 12:13:52 +02:00			`- {name: 'check_pf_states', force: false}`
Update NRPE and doas configuration for checks mailq and openvpn_certificates - Fix check_mailq : the check from monitoring-plugins current version is not compatible with opensmtpd. I picked the last version from the GIT repository, and adjusted nrpe and doas configuration - Add doas configuration for check_openvpn_certificates.sh : some servers need doas, others don't. Better to set it everywhere. 2021-07-27 18:02:49 +02:00			`- {name: 'check_mailq.pl', force: true}`
nagios-nrpe : add a check dhcp_pool 2022-03-31 11:57:45 +02:00			`- {name: 'check_dhcp_pool', force: false}`
nagios-nrpe: add a wraper to check_dhcpd to define the number of dhcpd processes that must be running depending on the CARP state 2022-04-13 15:41:47 +02:00			`- {name: 'check_dhcpd.sh', force: false}`
nagios-nrpe: add the ipmi_sensor check 2023-06-26 16:27:50 +02:00			`- {name: 'check_ipmi_sensor', force: true}`
Add initial project 2018-12-28 11:23:49 +01:00			`notify: restart nrpe`
update of tags for each tasks and ease the update of scripts 2022-06-23 18:35:39 +02:00			`tags:`
			`- nagios-nrpe`
			`- nagios-nrpe-utils`
Add initial project 2018-12-28 11:23:49 +01:00
Syntax : have all task name between quotes 2022-06-23 16:17:42 +02:00			`- name: "Nagios plugins are installed - template"`
use Fully Qualified Collection Name everywhere 2023-10-23 09:33:54 +02:00			`ansible.builtin.template:`
Force replacement of some NRPE checks We cannot simply put "force: true" because some checks are customizable, some are not. We do not force to replace customizable ones for the customizations not to be lost. 2020-07-09 15:44:25 +02:00			`src: plugins_bsd/{{ item.name }}.j2`
			`dest: /usr/local/libexec/nagios/plugins/{{ item.name }}`
Add initial project 2018-12-28 11:23:49 +01:00			`owner: root`
			`group: wheel`
			`mode: "0755"`
Force replacement of some NRPE checks We cannot simply put "force: true" because some checks are customizable, some are not. We do not force to replace customizable ones for the customizations not to be lost. 2020-07-09 15:44:25 +02:00			`force: "{{ item.force }}"`
Add initial project 2018-12-28 11:23:49 +01:00			`with_items:`
Correct yamllint : spaces inside braces 2020-07-09 16:09:19 +02:00			`- {name: 'check_free_mem.sh', force: true}`
Add initial project 2018-12-28 11:23:49 +01:00			`notify: restart nrpe`
update of tags for each tasks and ease the update of scripts 2022-06-23 18:35:39 +02:00			`tags:`
			`- nagios-nrpe`
			`- nagios-nrpe-utils`
Add initial project 2018-12-28 11:23:49 +01:00
Syntax : have all task name between quotes 2022-06-23 16:17:42 +02:00			`- name: "Starting and enabling nrpe"`
use Fully Qualified Collection Name everywhere 2023-10-23 09:33:54 +02:00			`ansible.builtin.service:`
Add initial project 2018-12-28 11:23:49 +01:00			`name: nrpe`
Ansible-lint and yamllint again Lot of truthy variables, indentation and trailing spaces 2020-06-01 11:37:15 +02:00			`enabled: true`
Add initial project 2018-12-28 11:23:49 +01:00			`state: started`
accounts, etc-git, evocheck, nagios-nrpe: multiple changes to not fail when run in check mode 2023-11-09 17:08:13 +01:00			`when: nrpe_exists.stat.exists`
update of tags for each tasks and ease the update of scripts 2022-06-23 18:35:39 +02:00			`tags:`
			`- nagios-nrpe`