nagios-nrpe: configure allowed_hosts in template and make use of the 'nagios_nrpe_additional_allowed_hosts' var in inventory for additional IP

2023-12-15 15:46:15 +01:00 · 2023-12-15 15:46:15 +01:00 · 7dd930afcb
parent 8e18b6972a
commit 7dd930afcb
3 changed files with 4 additions and 44 deletions
--- a/1
+++ b/1
@ -84,6 +84,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 * evomaintenance: upstream release 23.10.1
 * accounts, etc-git, evocheck, nagios-nrpe: multiple changes to not fail when run in check mode
 * base: configure "/var/log" for servers that have a mount on it
+* nagios-nrpe: configure allowed_hosts in template and make use of the 'nagios_nrpe_additional_allowed_hosts' var in inventory for additional IP

 ### Fixed

--- a/roles/nagios-nrpe/tasks/main.yml
+++ b/roles/nagios-nrpe/tasks/main.yml
@ -52,50 +52,6 @@
  tags:
    - nagios-nrpe

- name: "Fetch nrpe config content"
-  ansible.builtin.command: 'grep "allowed_hosts=" /etc/nrpe.d/evolix.cfg'
-  check_mode: false
-  register: nrpe_config_content
-  failed_when: false
-  changed_when: false
-  tags:
-    - nagios-nrpe
-
- name: "Allow NRPE hosts - if no allowed_hosts configured"
-  ansible.builtin.lineinfile:
-    dest: /etc/nrpe.d/evolix.cfg
-    insertbefore: BOF
-    regex: "allowed_hosts={{ nagios_nrpe_allowed_hosts | join(',') }}"
-    line: 'allowed_hosts={{ nagios_nrpe_allowed_hosts | join(",") }}'
-    create: true
-    mode: "0644"
-  when: nrpe_config_content.rc != 0
-  tags:
-    - nagios-nrpe
-
- name: "Allow NRPE hosts - if allowed_hosts already configured : keep added IP"
-  ansible.builtin.lineinfile:
-    dest: /etc/nrpe.d/evolix.cfg
-    backrefs: true
-    insertbefore: BOF
-    regex: "allowed_hosts={{ nagios_nrpe_allowed_hosts | join(',') }}(.*)*"
-    line: 'allowed_hosts={{ nagios_nrpe_allowed_hosts | join(",") }}\1'
-    create: true
-    mode: "0644"
-  when: nrpe_config_content.rc == 0
-  tags:
-    - nagios-nrpe
-
- name: "Allow NRPE hosts - add comment"
-  ansible.builtin.lineinfile:
-    dest: /etc/nrpe.d/evolix.cfg
-    insertbefore: BOF
-    line: "# Allowed IPs"
-    create: true
-    mode: "0644"
-  tags:
-    - nagios-nrpe
-
 - name: "Create nrpe plugins dir"
  ansible.builtin.file:
    path: /usr/local/libexec/nagios/plugins/
--- a/roles/nagios-nrpe/templates/evolix_bsd.cfg.j2
+++ b/roles/nagios-nrpe/templates/evolix_bsd.cfg.j2
@ -1,3 +1,6 @@
+# Allowed IPs
+allowed_hosts={{ nagios_nrpe_allowed_hosts | join(',') }}
+
 {% if ansible_distribution_version is version_compare("7.2",'>=') %}
 # Allow older cipher suites for older Icinga version
 ssl_cipher_list=ALL:!MD5:@STRENGTH:@SECLEVEL=0