From 4fd4e0d96d19529f51b014511c0a86642ec493fc Mon Sep 17 00:00:00 2001
From: Victor LABORIE <vlaborie@evolix.fr>
Date: Wed, 24 Jan 2018 16:49:07 +0100
Subject: [PATCH] ldap|nagios-nrpe: use external file for NRPE credentials

---
 ldap/tasks/main.yml                 | 15 +++++++++++++++
 nagios-nrpe/defaults/main.yml       |  2 --
 nagios-nrpe/templates/evolix.cfg.j2 |  4 ++--
 3 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/ldap/tasks/main.yml b/ldap/tasks/main.yml
index ffecbad6..790b7367 100644
--- a/ldap/tasks/main.yml
+++ b/ldap/tasks/main.yml
@@ -58,6 +58,21 @@
     mode: "0640"
   when: not root_ldapvirc_path.stat.exists
 
+- name: set params for NRPE check
+  ini_file:
+    dest: /etc/nagios/monitoring-plugins.ini
+    owner: root
+    group: nagios
+    section: check_ldap
+    option: "{{ item.option }}"
+    value: "{{ item.value }}"
+    mode: 0640
+  with_items:
+  - { option: 'hostname', value: '127.0.0.1' }
+  - { option: 'base', value: "{{ ldap_suffix }}" }
+  - { option: 'bind', value: "cn=nagios,ou=ldapusers,{{ ldap_suffix }}" }
+  - { option: 'pass', value: "{{ ldap_nagios_password.stdout }}" }
+
 - name: upload ldap initial config
   template:
     src: config_ldapvi.j2
diff --git a/nagios-nrpe/defaults/main.yml b/nagios-nrpe/defaults/main.yml
index 5834c4a2..cb2f901e 100644
--- a/nagios-nrpe/defaults/main.yml
+++ b/nagios-nrpe/defaults/main.yml
@@ -2,8 +2,6 @@
 nagios_nrpe_default_allowed_hosts: []
 nagios_nrpe_additional_allowed_hosts: []
 nagios_nrpe_allowed_hosts: "{{ nagios_nrpe_default_allowed_hosts | union(nagios_nrpe_additional_allowed_hosts) | unique }}"
-nagios_nrpe_ldap_dc: "dc=DOMAIN,dc=EXT"
-nagios_nrpe_ldap_passwd: LDAP_PASSWD
 nagios_nrpe_pgsql_passwd: PGSQL_PASSWD
 nagios_nrpe_amavis_from: "foobar@{{ ansible_domain }}"
 
diff --git a/nagios-nrpe/templates/evolix.cfg.j2 b/nagios-nrpe/templates/evolix.cfg.j2
index 022d75f9..3d07600e 100644
--- a/nagios-nrpe/templates/evolix.cfg.j2
+++ b/nagios-nrpe/templates/evolix.cfg.j2
@@ -25,8 +25,8 @@ command[check_mailq]=/usr/lib/nagios/plugins/check_mailq -M postfix -w 10 -c 20
 command[check_pgsql]=/usr/lib/nagios/plugins/check_pgsql -H localhost -l nrpe -p '{{ nagios_nrpe_pgsql_passwd }}'
 command[check_mysql]=/usr/lib/nagios/plugins/check_mysql -H localhost -f ~nagios/.my.cnf
 command[check_mysql_slave]=/usr/lib/nagios/plugins/check_mysql --check-slave -H localhost -f ~nagios/.my.cnf -w 1800 -c 3600
-command[check_ldap]=/usr/lib/nagios/plugins/check_ldap -3 -H localhost -D cn=nagios,ou=ldapusers,{{ nagios_nrpe_ldap_dc }} -P {{ nagios_nrpe_ldap_passwd }} -b {{ nagios_nrpe_ldap_dc }}
-command[check_ldaps]=/usr/lib/nagios/plugins/check_ldaps -3 -H localhost -b {{ nagios_nrpe_ldap_dc }}
+command[check_ldap]=/usr/lib/nagios/plugins/check_ldap -3 --extra-opts=@/etc/nagios/monitoring-plugins.ini
+command[check_ldaps]=/usr/lib/nagios/plugins/check_ldap -3 -T --extra-opts=@/etc/nagios/monitoring-plugins.ini
 command[check_imap]=/usr/lib/nagios/plugins/check_imap -H localhost
 command[check_imaps]=/usr/lib/nagios/plugins/check_imap -S -H localhost -p 993
 command[check_imapproxy]=/usr/lib/nagios/plugins/check_imap -H localhost -p 1143