Revert "evolinux-users, nagios-nrpe: sudoers conf for nagios splitted and moved from evolinux-users to nagios-nrpe"
This reverts commit adc79e0d8d.
parent
d55da041ae
commit
e93a68d27a
|
@ -25,7 +25,6 @@ The **patch** part is incremented if multiple releases happen the same month
|
||||||
|
|
||||||
* log2mail: task log2mail.yml of evolinux-base converted to a role
|
* log2mail: task log2mail.yml of evolinux-base converted to a role
|
||||||
* lxc-solr: update solr9 version + fix URL in README
|
* lxc-solr: update solr9 version + fix URL in README
|
||||||
* evolinux-users, nagios-nrpe: sudoers conf for nagios splitted and moved from evolinux-users to nagios-nrpe
|
|
||||||
* evolinux-base: Customize logcheck recipient when serveur-base is installed
|
* evolinux-base: Customize logcheck recipient when serveur-base is installed
|
||||||
|
|
||||||
### Fixed
|
### Fixed
|
||||||
|
|
|
@ -2,5 +2,33 @@ Defaults umask=0077
|
||||||
|
|
||||||
Cmnd_Alias MAINT = /usr/share/scripts/evomaintenance.sh, /usr/share/scripts/listupgrade.sh
|
Cmnd_Alias MAINT = /usr/share/scripts/evomaintenance.sh, /usr/share/scripts/listupgrade.sh
|
||||||
|
|
||||||
|
nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_procs
|
||||||
|
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_minifirewall
|
||||||
|
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_haproxy_stats
|
||||||
|
nagios ALL = NOPASSWD: /usr/sbin/bkctld check
|
||||||
|
nagios ALL = NOPASSWD: /usr/sbin/bkctld check-jails
|
||||||
|
nagios ALL = NOPASSWD: /usr/sbin/bkctld check-setup
|
||||||
|
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi /var/lib/lxc/php56/rootfs/etc/php5/fpm/pool.d/
|
||||||
|
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi /var/lib/lxc/php70/rootfs/etc/php/7.0/fpm/pool.d/
|
||||||
|
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi /var/lib/lxc/php73/rootfs/etc/php/7.3/fpm/pool.d/
|
||||||
|
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi /var/lib/lxc/php74/rootfs/etc/php/7.4/fpm/pool.d/
|
||||||
|
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi /var/lib/lxc/php80/rootfs/etc/php/8.0/fpm/pool.d/
|
||||||
|
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi /var/lib/lxc/php81/rootfs/etc/php/8.1/fpm/pool.d/
|
||||||
|
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi /var/lib/lxc/php82/rootfs/etc/php/8.2/fpm/pool.d/
|
||||||
|
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi /var/lib/lxc/php83/rootfs/etc/php/8.3/fpm/pool.d/
|
||||||
|
nagios ALL = NOPASSWD: /usr/sbin/megaclisas-status --nagios
|
||||||
|
nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_ipmi_sensor
|
||||||
|
nagios ALL = NOPASSWD: /sbin/dmsetup status --noflush
|
||||||
|
nagios ALL = NOPASSWD: /sbin/megacli -PDList -aALL -NoLog
|
||||||
|
nagios ALL = NOPASSWD: /sbin/megacli -LdInfo -Lall -aALL -NoLog
|
||||||
|
nagios ALL = NOPASSWD: /sbin/megacli -AdpBbuCmd -GetBbuStatus -aALL -NoLog
|
||||||
|
nagios ALL = NOPASSWD: /sbin/ssacli controller all show status
|
||||||
|
nagios ALL = NOPASSWD: /sbin/ssacli controller slot=0 logicaldrive all show
|
||||||
|
nagios ALL = NOPASSWD: /usr/local/bin/mvcli info -o blk
|
||||||
|
nagios ALL = NOPASSWD: /usr/local/bin/mvcli info -o vd
|
||||||
|
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_gluster.rb
|
||||||
|
|
||||||
|
nagios ALL = (clamav) NOPASSWD: /usr/bin/clamscan /tmp/safe.txt
|
||||||
|
|
||||||
%{{ evolinux_sudo_group }} ALL=(ALL:ALL) ALL
|
%{{ evolinux_sudo_group }} ALL=(ALL:ALL) ALL
|
||||||
%{{ evolinux_sudo_group }} ALL = NOPASSWD: MAINT
|
%{{ evolinux_sudo_group }} ALL = NOPASSWD: MAINT
|
||||||
|
|
|
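Review bot: Several of the re-added `nagios` rules name a command with no argument list (`check_procs`, `check_minifirewall`, `check_haproxy_stats`, `check_ipmi_sensor`, `check_gluster.rb`), so sudo lets the nagios account pass them any arguments as root without a password. The `megacli`, `ssacli` and `bkctld` rules in the same block already pin their arguments; the plugin rules should do the same wherever the check is always called the same way. The block also needs a comment stating the assumption it relies on, for example `# every command below runs as root for nagios: keep the file and its parent directories root-owned and not writable by nagios`. The `check_phpfpm_multi` rules point a root-run script at `pool.d` directories inside LXC rootfs trees, which are presumably writable from inside the container, so the script should treat those files as untrusted input. The first seven rules are repeated in the next template (the one with `User_Alias ADMINS`), and the same applies there.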
@ -3,5 +3,13 @@ Defaults umask=0077
|
||||||
Cmnd_Alias MAINT = /usr/share/scripts/evomaintenance.sh, /usr/share/scripts/listupgrade.sh
|
Cmnd_Alias MAINT = /usr/share/scripts/evomaintenance.sh, /usr/share/scripts/listupgrade.sh
|
||||||
User_Alias ADMINS = {{ user.name }}
|
User_Alias ADMINS = {{ user.name }}
|
||||||
|
|
||||||
|
nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_procs
|
||||||
|
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_minifirewall
|
||||||
|
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_haproxy_stats
|
||||||
|
nagios ALL = NOPASSWD: /usr/sbin/bkctld check
|
||||||
|
nagios ALL = NOPASSWD: /usr/sbin/bkctld check-jails
|
||||||
|
nagios ALL = NOPASSWD: /usr/sbin/bkctld check-setup
|
||||||
|
nagios ALL = (clamav) NOPASSWD: /usr/bin/clamscan /tmp/safe.txt
|
||||||
|
|
||||||
ADMINS ALL = (ALL:ALL) ALL
|
ADMINS ALL = (ALL:ALL) ALL
|
||||||
ADMINS ALL = NOPASSWD: MAINT
|
ADMINS ALL = NOPASSWD: MAINT
|
||||||
|
|
|
@ -50,21 +50,16 @@
|
||||||
notify: restart nagios-nrpe-server
|
notify: restart nagios-nrpe-server
|
||||||
when: nrpe_evolix_cfg.stat.exists
|
when: nrpe_evolix_cfg.stat.exists
|
||||||
|
|
||||||
- name: Is evolinux sudoers installed? (old way)
|
- name: Is evolinux sudoers installed?
|
||||||
ansible.builtin.stat:
|
ansible.builtin.stat:
|
||||||
path: /etc/sudoers.d/evolinux
|
path: /etc/sudoers.d/evolinux
|
||||||
register: sudoers_evolinux
|
register: sudoers_evolinux
|
||||||
|
|
||||||
- name: Is nagios sudoers installed?
|
|
||||||
ansible.builtin.stat:
|
|
||||||
path: /etc/sudoers.d/nagios
|
|
||||||
register: sudoers_nagios
|
|
||||||
|
|
||||||
- name: sudo without password for nagios
|
- name: sudo without password for nagios
|
||||||
ansible.builtin.lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
dest: /etc/sudoers.d/nagios
|
dest: /etc/sudoers.d/evolinux
|
||||||
regexp: 'check_minifirewall'
|
regexp: 'check_minifirewall'
|
||||||
line: 'nagios ALL = NOPASSWD: {{ nagios_plugins_directory }}/check_minifirewall'
|
line: 'nagios ALL = NOPASSWD: {{ nagios_plugins_directory }}/check_minifirewall'
|
||||||
insertafter: '^nagios'
|
insertafter: '^nagios'
|
||||||
validate: "visudo -cf %s"
|
validate: "visudo -cf %s"
|
||||||
when: sudoers_evolinux.stat.exists or sudoers_nagios.stat.exists
|
when: sudoers_evolinux.stat.exists
|
||||||
|
|
|
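Review bot: `regexp: 'check_minifirewall'` is unanchored, and after this change it runs against `/etc/sudoers.d/evolinux`, a file that also carries the admin group rules, so any line that merely mentions check_minifirewall (a comment, or a rule for another user) would be replaced by the nagios rule. Anchoring it to the rule it is meant to manage is safer: `regexp: '^nagios\s.*check_minifirewall$'`. The guard `when: sudoers_evolinux.stat.exists` skips the task silently when the file is absent, so the check would then run without its sudo rule; a short comment saying the file is expected to come from evolinux-users would make that dependency visible.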
@ -1,27 +0,0 @@
|
||||||
nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_procs
|
|
||||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_minifirewall
|
|
||||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_haproxy_stats
|
|
||||||
nagios ALL = NOPASSWD: /usr/sbin/bkctld check
|
|
||||||
nagios ALL = NOPASSWD: /usr/sbin/bkctld check-jails
|
|
||||||
nagios ALL = NOPASSWD: /usr/sbin/bkctld check-setup
|
|
||||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi /var/lib/lxc/php56/rootfs/etc/php5/fpm/pool.d/
|
|
||||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi /var/lib/lxc/php70/rootfs/etc/php/7.0/fpm/pool.d/
|
|
||||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi /var/lib/lxc/php73/rootfs/etc/php/7.3/fpm/pool.d/
|
|
||||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi /var/lib/lxc/php74/rootfs/etc/php/7.4/fpm/pool.d/
|
|
||||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi /var/lib/lxc/php80/rootfs/etc/php/8.0/fpm/pool.d/
|
|
||||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi /var/lib/lxc/php81/rootfs/etc/php/8.1/fpm/pool.d/
|
|
||||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi /var/lib/lxc/php82/rootfs/etc/php/8.2/fpm/pool.d/
|
|
||||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi /var/lib/lxc/php83/rootfs/etc/php/8.3/fpm/pool.d/
|
|
||||||
nagios ALL = NOPASSWD: /usr/sbin/megaclisas-status --nagios
|
|
||||||
nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_ipmi_sensor
|
|
||||||
nagios ALL = NOPASSWD: /sbin/dmsetup status --noflush
|
|
||||||
nagios ALL = NOPASSWD: /sbin/megacli -PDList -aALL -NoLog
|
|
||||||
nagios ALL = NOPASSWD: /sbin/megacli -LdInfo -Lall -aALL -NoLog
|
|
||||||
nagios ALL = NOPASSWD: /sbin/megacli -AdpBbuCmd -GetBbuStatus -aALL -NoLog
|
|
||||||
nagios ALL = NOPASSWD: /sbin/ssacli controller all show status
|
|
||||||
nagios ALL = NOPASSWD: /sbin/ssacli controller slot=0 logicaldrive all show
|
|
||||||
nagios ALL = NOPASSWD: /usr/local/bin/mvcli info -o blk
|
|
||||||
nagios ALL = NOPASSWD: /usr/local/bin/mvcli info -o vd
|
|
||||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_gluster.rb
|
|
||||||
nagios ALL = (clamav) NOPASSWD: /usr/bin/clamscan /tmp/safe.txt
|
|
||||||
|
|
|
@ -1,7 +0,0 @@
|
||||||
nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_procs
|
|
||||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_minifirewall
|
|
||||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_haproxy_stats
|
|
||||||
nagios ALL = NOPASSWD: /usr/sbin/bkctld check
|
|
||||||
nagios ALL = NOPASSWD: /usr/sbin/bkctld check-jails
|
|
||||||
nagios ALL = NOPASSWD: /usr/sbin/bkctld check-setup
|
|
||||||
nagios ALL = (clamav) NOPASSWD: /usr/bin/clamscan /tmp/safe.txt
|
|
|
@ -91,8 +91,6 @@
|
||||||
tags:
|
tags:
|
||||||
- nagios-nrpe
|
- nagios-nrpe
|
||||||
|
|
||||||
- ansible.builtin.include_tasks: sudoers.yml
|
|
||||||
|
|
||||||
- ansible.builtin.include_tasks: wrapper.yml
|
- ansible.builtin.include_tasks: wrapper.yml
|
||||||
|
|
||||||
- ansible.builtin.include_tasks: check-local.yml
|
- ansible.builtin.include_tasks: check-local.yml
|
||||||
|
|
|
@ -1,28 +0,0 @@
|
||||||
---
|
|
||||||
- name: "/etc/sudoers.d presence and permissions"
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: /etc/sudoers.d
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: "0750"
|
|
||||||
state: directory
|
|
||||||
|
|
||||||
- name: "Copy nagios sudoers conf (Debian 9 Stretch and later)"
|
|
||||||
ansible.builtin.copy:
|
|
||||||
src: sudoers
|
|
||||||
dest: /etc/sudoers.d/nagios
|
|
||||||
mode: "0440"
|
|
||||||
validate: '/usr/sbin/visudo -cf %s'
|
|
||||||
register: copy_sudoers_evolinux
|
|
||||||
when:
|
|
||||||
- ansible_distribution_major_version is defined
|
|
||||||
- ansible_distribution_major_version is version('9', '>=')
|
|
||||||
|
|
||||||
- name: "Copy nagios sudoers conf (Debian 8 Jessie) "
|
|
||||||
ansible.builtin.copy:
|
|
||||||
src: sudoers_jessie
|
|
||||||
dest: /etc/sudoers.d/nagios
|
|
||||||
mode: "0440"
|
|
||||||
validate: '/usr/sbin/visudo -cf %s'
|
|
||||||
register: copy_sudoers_evolinux
|
|
||||||
when: ansible_distribution_release == "jessie"
|
|
|
@ -45,7 +45,7 @@
|
||||||
|
|
||||||
- name: sudo without password for nagios
|
- name: sudo without password for nagios
|
||||||
ansible.builtin.lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
dest: /etc/sudoers.d/nagios
|
dest: /etc/sudoers.d/evolinux
|
||||||
regexp: 'check_rabbitmq'
|
regexp: 'check_rabbitmq'
|
||||||
line: 'nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_rabbitmq'
|
line: 'nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_rabbitmq'
|
||||||
insertafter: '^nagios'
|
insertafter: '^nagios'
|
||||||
|
|
|
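Review bot: No `validate` is visible on this `lineinfile` task, which now edits `/etc/sudoers.d/evolinux`, whereas the check_minifirewall task in nagios-nrpe carries `validate: "visudo -cf %s"`. The task continues past the end of the hunk, so the option may be set below; if it is not, add `validate: 'visudo -cf %s'`, because a syntax error written into this file can leave sudo unusable for the admin rules that live in it too. No `when:` guard on the file's existence is visible either, and `lineinfile` fails on a missing `dest` unless `create` is set. The same two points apply to the three redis hunks that follow (`check_redis$` twice and `check_redis_instances$`).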
@ -45,7 +45,7 @@
|
||||||
|
|
||||||
- name: sudo without password for nagios
|
- name: sudo without password for nagios
|
||||||
ansible.builtin.lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
dest: /etc/sudoers.d/nagios
|
dest: /etc/sudoers.d/evolinux
|
||||||
regexp: 'check_redis$'
|
regexp: 'check_redis$'
|
||||||
line: 'nagios ALL = NOPASSWD: {{ redis_check_redis_path }}'
|
line: 'nagios ALL = NOPASSWD: {{ redis_check_redis_path }}'
|
||||||
insertafter: '^nagios'
|
insertafter: '^nagios'
|
||||||
|
@ -69,7 +69,7 @@
|
||||||
|
|
||||||
- name: sudo without password for nagios
|
- name: sudo without password for nagios
|
||||||
ansible.builtin.lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
dest: /etc/sudoers.d/nagios
|
dest: /etc/sudoers.d/evolinux
|
||||||
regexp: 'check_redis$'
|
regexp: 'check_redis$'
|
||||||
line: 'nagios ALL = NOPASSWD: {{ redis_check_redis_path }}'
|
line: 'nagios ALL = NOPASSWD: {{ redis_check_redis_path }}'
|
||||||
insertafter: '^nagios'
|
insertafter: '^nagios'
|
||||||
|
@ -108,7 +108,7 @@
|
||||||
|
|
||||||
- name: sudo without password for nagios
|
- name: sudo without password for nagios
|
||||||
ansible.builtin.lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
dest: /etc/sudoers.d/nagios
|
dest: /etc/sudoers.d/evolinux
|
||||||
regexp: 'check_redis_instances$'
|
regexp: 'check_redis_instances$'
|
||||||
line: 'nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_redis_instances'
|
line: 'nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_redis_instances'
|
||||||
insertafter: '^nagios'
|
insertafter: '^nagios'
|
||||||
|
|