EvoBSD/roles/nagios-nrpe/tasks/main.yml

# yamllint disable rule:line-length
---
- name: "Install nrpe"
  community.general.openbsd_pkg:
    name:
      - nrpe--
    state: present
  tags:
    - nagios-nrpe

- name: "Install monitoring packages"
  community.general.openbsd_pkg:
    name:
      - monitoring-plugins
      - check_bioctl
    state: present
  tags:
    - nagios-nrpe

- name: "Create nrpe.d dir"
  ansible.builtin.file:
    path: /etc/nrpe.d
    state: directory
    owner: root
    group: wheel
    mode: "0755"
  tags:
    - nagios-nrpe

- name: "Include nrpe.d dir in nrpe.cfg"
  ansible.builtin.lineinfile:
    dest: /etc/nrpe.cfg
    line: 'include_dir=/etc/nrpe.d'
  tags:
    - nagios-nrpe

- name: "Custom configuration is present"
  ansible.builtin.blockinfile:
    block: "{{ lookup('template', 'evolix_bsd.cfg.j2') }}"
    path: /etc/nrpe.d/evolix.cfg
    marker: "## {mark} ANSIBLE MANAGED BLOCK : Custom NRPE configuration file from EvoBSD"
    create: true
    mode: "0644"
    insertbefore: BOF
  notify: restart nrpe
  tags:
    - nagios-nrpe

- name: "Fetch nrpe config content"
  ansible.builtin.command: 'grep "allowed_hosts=" /etc/nrpe.d/evolix.cfg'
  check_mode: false
  register: nrpe_config_content
  failed_when: false
  changed_when: false
  tags:
    - nagios-nrpe

- name: "Allow NRPE hosts - if no allowed_hosts configured"
  ansible.builtin.lineinfile:
    dest: /etc/nrpe.d/evolix.cfg
    insertbefore: BOF
    regex: "allowed_hosts={{ nagios_nrpe_allowed_hosts | join(',') }}"
    line: 'allowed_hosts={{ nagios_nrpe_allowed_hosts | join(",") }}'
  when: nrpe_config_content.rc != 0
  tags:
    - nagios-nrpe

- name: "Allow NRPE hosts - if allowed_hosts already configured : keep added IP"
  ansible.builtin.lineinfile:
    dest: /etc/nrpe.d/evolix.cfg
    backrefs: true
    insertbefore: BOF
    regex: "allowed_hosts={{ nagios_nrpe_allowed_hosts | join(',') }}(.*)*"
    line: 'allowed_hosts={{ nagios_nrpe_allowed_hosts | join(",") }}\1'
  when: nrpe_config_content.rc == 0
  tags:
    - nagios-nrpe

- name: "Allow NRPE hosts - add comment"
  ansible.builtin.lineinfile:
    dest: /etc/nrpe.d/evolix.cfg
    insertbefore: BOF
    line: "# Allowed IPs"
  tags:
    - nagios-nrpe

- name: "Create nrpe plugins dir"
  ansible.builtin.file:
    path: /usr/local/libexec/nagios/plugins/
    state: directory
    owner: root
    group: wheel
    mode: "0755"
  tags:
    - nagios-nrpe

- name: "Nagios plugins are installed"
  ansible.builtin.copy:
    src: plugins_bsd/{{ item.name }}
    dest: /usr/local/libexec/nagios/plugins/{{ item.name }}
    owner: root
    group: wheel
    mode: "0755"
    force: "{{ item.force }}"
  with_items:
    - {name: 'check_carp_if', force: true}
    - {name: 'check_connections_state.sh', force: false}
    - {name: 'check_ipsecctl.sh', force: false}
    - {name: 'check_ipsecctl_critiques.sh', force: false}
    - {name: 'check_openbgpd', force: true}
    - {name: 'check_openvpn', force: false}
    - {name: 'check_openvpn.pl', force: true}
    - {name: 'check_ospfd_simple', force: true}
    - {name: 'check_packetfilter.sh', force: true}
    - {name: 'check_pf_states', force: false}
    - {name: 'check_mailq.pl', force: true}
    - {name: 'check_dhcp_pool', force: false}
    - {name: 'check_dhcpd.sh', force: false}
    - {name: 'check_ipmi_sensor', force: true}
  notify: restart nrpe
  tags:
    - nagios-nrpe
    - nagios-nrpe-utils

- name: "Nagios plugins are installed - template"
  ansible.builtin.template:
    src: plugins_bsd/{{ item.name }}.j2
    dest: /usr/local/libexec/nagios/plugins/{{ item.name }}
    owner: root
    group: wheel
    mode: "0755"
    force: "{{ item.force }}"
  with_items:
    - {name: 'check_free_mem.sh', force: true}
  notify: restart nrpe
  tags:
    - nagios-nrpe
    - nagios-nrpe-utils

- name: "Starting and enabling nrpe"
  ansible.builtin.service:
    name: nrpe
    enabled: true
    state: started
  tags:
    - nagios-nrpe