ldap|nagios-nrpe: use external file for NRPE credentials

2018-01-24 16:49:07 +01:00 · 2018-01-24 16:49:07 +01:00 · 4fd4e0d96d
parent 3bbc1be977
commit 4fd4e0d96d
3 changed files with 17 additions and 4 deletions
--- a/ldap/tasks/main.yml
+++ b/ldap/tasks/main.yml
@ -58,6 +58,21 @@
    mode: "0640"
  when: not root_ldapvirc_path.stat.exists

+- name: set params for NRPE check
+  ini_file:
+    dest: /etc/nagios/monitoring-plugins.ini
+    owner: root
+    group: nagios
+    section: check_ldap
+    option: "{{ item.option }}"
+    value: "{{ item.value }}"
+    mode: 0640
+  with_items:
+  - { option: 'hostname', value: '127.0.0.1' }
+  - { option: 'base', value: "{{ ldap_suffix }}" }
+  - { option: 'bind', value: "cn=nagios,ou=ldapusers,{{ ldap_suffix }}" }
+  - { option: 'pass', value: "{{ ldap_nagios_password.stdout }}" }
+
 - name: upload ldap initial config
  template:
    src: config_ldapvi.j2
--- a/nagios-nrpe/defaults/main.yml
+++ b/nagios-nrpe/defaults/main.yml
@ -2,8 +2,6 @@
 nagios_nrpe_default_allowed_hosts: []
 nagios_nrpe_additional_allowed_hosts: []
 nagios_nrpe_allowed_hosts: "{{ nagios_nrpe_default_allowed_hosts | union(nagios_nrpe_additional_allowed_hosts) | unique }}"
-nagios_nrpe_ldap_dc: "dc=DOMAIN,dc=EXT"
-nagios_nrpe_ldap_passwd: LDAP_PASSWD
 nagios_nrpe_pgsql_passwd: PGSQL_PASSWD
 nagios_nrpe_amavis_from: "foobar@{{ ansible_domain }}"

--- a/nagios-nrpe/templates/evolix.cfg.j2
+++ b/nagios-nrpe/templates/evolix.cfg.j2
@ -25,8 +25,8 @@ command[check_mailq]=/usr/lib/nagios/plugins/check_mailq -M postfix -w 10 -c 20
 command[check_pgsql]=/usr/lib/nagios/plugins/check_pgsql -H localhost -l nrpe -p '{{ nagios_nrpe_pgsql_passwd }}'
 command[check_mysql]=/usr/lib/nagios/plugins/check_mysql -H localhost -f ~nagios/.my.cnf
 command[check_mysql_slave]=/usr/lib/nagios/plugins/check_mysql --check-slave -H localhost -f ~nagios/.my.cnf -w 1800 -c 3600
-command[check_ldap]=/usr/lib/nagios/plugins/check_ldap -3 -H localhost -D cn=nagios,ou=ldapusers,{{ nagios_nrpe_ldap_dc }} -P {{ nagios_nrpe_ldap_passwd }} -b {{ nagios_nrpe_ldap_dc }}
-command[check_ldaps]=/usr/lib/nagios/plugins/check_ldaps -3 -H localhost -b {{ nagios_nrpe_ldap_dc }}
+command[check_ldap]=/usr/lib/nagios/plugins/check_ldap -3 --extra-opts=@/etc/nagios/monitoring-plugins.ini
+command[check_ldaps]=/usr/lib/nagios/plugins/check_ldap -3 -T --extra-opts=@/etc/nagios/monitoring-plugins.ini
 command[check_imap]=/usr/lib/nagios/plugins/check_imap -H localhost
 command[check_imaps]=/usr/lib/nagios/plugins/check_imap -S -H localhost -p 993
 command[check_imapproxy]=/usr/lib/nagios/plugins/check_imap -H localhost -p 1143