From 7fa2dcbb2848fdf9eb6f6e8eec38b6f4a553d8b1 Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Wed, 27 Sep 2017 17:57:02 +0200 Subject: [PATCH 1/6] Redis: Also install redis-tools --- redis/tasks/main.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/redis/tasks/main.yml b/redis/tasks/main.yml index 1b0545fa..eb31749e 100644 --- a/redis/tasks/main.yml +++ b/redis/tasks/main.yml @@ -1,8 +1,11 @@ --- - name: Redis is installed. apt: - name: redis-server + name: "{{ item }}" state: present + with_items: + - redis-server + - redis-tools tags: - redis - packages From eab2c3946a4e644ca0b1a32347b6a1544ccfe4c2 Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Wed, 27 Sep 2017 18:41:21 +0200 Subject: [PATCH 2/6] Redis: On stretch, make sure nrpe will use check_redis instead of check_tcp check_redis was added in nagios-plugins-contrib in strech. --- redis/handlers/main.yml | 5 +++++ redis/tasks/main.yml | 9 +++++++++ redis/tasks/nrpe_stretch.yml | 15 +++++++++++++++ 3 files changed, 29 insertions(+) create mode 100644 redis/tasks/nrpe_stretch.yml diff --git a/redis/handlers/main.yml b/redis/handlers/main.yml index 8a416b0e..49b906a1 100644 --- a/redis/handlers/main.yml +++ b/redis/handlers/main.yml @@ -8,3 +8,8 @@ service: name: munin-node state: restarted + +- name: restart nagios-nrpe-server + service: + name: nagios-nrpe-server + state: restarted diff --git a/redis/tasks/main.yml b/redis/tasks/main.yml index eb31749e..3c76eab5 100644 --- a/redis/tasks/main.yml +++ b/redis/tasks/main.yml @@ -34,3 +34,12 @@ - include: munin.yml when: _munin_installed.stat.exists and _munin_installed.stat.isdir + +- name: is NRPE present ? + stat: + path: /etc/nagios/nrpe.d/evolix.cfg + check_mode: no + register: nrpe_evolix_config + +- include: nrpe_stretch.yml + when: ansible_distribution_release == "stretch" and nrpe_evolix_config == true diff --git a/redis/tasks/nrpe_stretch.yml b/redis/tasks/nrpe_stretch.yml new file mode 100644 index 00000000..a2ffba17 --- /dev/null +++ b/redis/tasks/nrpe_stretch.yml @@ -0,0 +1,15 @@ +--- +- name: Install perl lib-redis (needed by check_redis) + apt: + name: libredis-perl + state: present + tags: + - redis + - nrpe + +- name: Replace check_tcp by check_redis for NRPE + replace: + dest: /etc/nagios/nrpe.d/evolix.cfg + regexp: '^command\[check_redis\]=\/usr\/lib\/nagios\/plugins\/check_tcp -p 6379' + replace: 'command[check_redis]=/usr/lib/nagios/plugins/check_redis -H 127.0.0.1' + notify: restart nagios-nrpe-server From c12559193a7fce1f2f3ce472bc5ecae2d274c073 Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Thu, 28 Sep 2017 15:02:29 +0200 Subject: [PATCH 3/6] Redis: Add the possibility to set an instance password --- redis/README.md | 1 + redis/defaults/main.yml | 2 ++ redis/tasks/munin.yml | 10 ++++++++++ redis/templates/redis.conf.j2 | 4 ++++ 4 files changed, 17 insertions(+) diff --git a/redis/README.md b/redis/README.md index 29ff132f..5a7168b7 100644 --- a/redis/README.md +++ b/redis/README.md @@ -16,6 +16,7 @@ Main variables are : * `redis_conf_path`: config file location ; * `redis_port`: listening TCP port ; * `redis_bind_interface`: listening IP address ; +* `redis_password`: password for redis. Empty means no password ; * `redis_unixsocket`: Unix socket ; * `redis_loglevel`: log verbosity ; * `redis_logfile`: log file location. diff --git a/redis/defaults/main.yml b/redis/defaults/main.yml index cf4e5fef..268bdd08 100644 --- a/redis/defaults/main.yml +++ b/redis/defaults/main.yml @@ -7,6 +7,8 @@ redis_bind_interface: 127.0.0.1 redis_unixsocket: '/var/run/redis/redis.sock' redis_timeout: 300 +redis_password: '' + redis_loglevel: "notice" redis_logfile: /var/log/redis/redis-server.log diff --git a/redis/tasks/munin.yml b/redis/tasks/munin.yml index 07473e2f..75d44941 100644 --- a/redis/tasks/munin.yml +++ b/redis/tasks/munin.yml @@ -60,3 +60,13 @@ - used_memory notify: restart munin-node tags: redis + +- name: Add redis password for munin + ini_file: + dest: /etc/munin/plugin-conf.d/munin-node + section: 'redis_*' + option: env.password + value: '{{ redis_password }}' + notify: restart munin-node + when: redis_password != '' + tags: redis diff --git a/redis/templates/redis.conf.j2 b/redis/templates/redis.conf.j2 index f7a7c5f0..78dd0c8c 100644 --- a/redis/templates/redis.conf.j2 +++ b/redis/templates/redis.conf.j2 @@ -7,6 +7,10 @@ bind {{ redis_bind_interface }} unixsocket {{ redis_unixsocket }} {% endif %} +{% if redis_password %} +requirepass {{ redis_password }} +{% endif %} + timeout {{ redis_timeout }} loglevel {{ redis_loglevel }} From 43d2de5da7e0f969aafc5fa6aa83b67323cf7380 Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Thu, 28 Sep 2017 18:03:26 +0200 Subject: [PATCH 4/6] Redis: Fix error in the conditional inclusion of nrpe_stretch.yml --- redis/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/redis/tasks/main.yml b/redis/tasks/main.yml index 3c76eab5..33a70797 100644 --- a/redis/tasks/main.yml +++ b/redis/tasks/main.yml @@ -42,4 +42,4 @@ register: nrpe_evolix_config - include: nrpe_stretch.yml - when: ansible_distribution_release == "stretch" and nrpe_evolix_config == true + when: ansible_distribution_release == "stretch" and nrpe_evolix_config.stat.exists == true From 36419c5b3c7c3144466d7c1a4f0d294a1a850e8f Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Mon, 2 Oct 2017 17:13:10 +0200 Subject: [PATCH 5/6] Redis: Set pasword variable as NULL instead of '' --- redis/defaults/main.yml | 2 +- redis/tasks/munin.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/redis/defaults/main.yml b/redis/defaults/main.yml index 268bdd08..6526c887 100644 --- a/redis/defaults/main.yml +++ b/redis/defaults/main.yml @@ -7,7 +7,7 @@ redis_bind_interface: 127.0.0.1 redis_unixsocket: '/var/run/redis/redis.sock' redis_timeout: 300 -redis_password: '' +redis_password: NULL redis_loglevel: "notice" redis_logfile: /var/log/redis/redis-server.log diff --git a/redis/tasks/munin.yml b/redis/tasks/munin.yml index 75d44941..04d6449c 100644 --- a/redis/tasks/munin.yml +++ b/redis/tasks/munin.yml @@ -68,5 +68,5 @@ option: env.password value: '{{ redis_password }}' notify: restart munin-node - when: redis_password != '' + when: redis_password != '' and redis_password != None tags: redis From 27e4512e502870af67aa7665c16b43e71a2ccff8 Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Tue, 3 Oct 2017 10:21:13 +0200 Subject: [PATCH 6/6] Redis: Ensure that we do not modify munin-node config if there is multiple redis config blocs --- redis/tasks/munin.yml | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/redis/tasks/munin.yml b/redis/tasks/munin.yml index 04d6449c..74676e07 100644 --- a/redis/tasks/munin.yml +++ b/redis/tasks/munin.yml @@ -61,12 +61,24 @@ notify: restart munin-node tags: redis -- name: Add redis password for munin +- name: Count redis condif blocks in munin-node configuration + command: grep -c "\[redis_" /etc/munin/plugin-conf.d/munin-node + register: munin_redis_blocs_in_config + failed_when: False + changed_when: False + +- name: Add redis password for munin (if no more than 1 config block) ini_file: dest: /etc/munin/plugin-conf.d/munin-node section: 'redis_*' option: env.password value: '{{ redis_password }}' notify: restart munin-node - when: redis_password != '' and redis_password != None + when: "redis_password != '' and redis_password != None and {{munin_redis_blocs_in_config.stdout | int}} <= 1" tags: redis + + +- name: Warn if multiple instance in munin-plugins configuration + debug: + msg: "WARNING - It seems you have multiple redis sections in your munin-node configuration - Munin config NOT changed" + when: "redis_password != '' and redis_password != None and {{munin_redis_blocs_in_config.stdout | int}} > 1 "