Revert "evolinux-users, nagios-nrpe: sudoers conf for nagios splitted and moved from evolinux-users to nagios-nrpe"
This reverts commit adc79e0d8d.
parent
d55da041ae
commit
e93a68d27a
|
@ -25,7 +25,6 @@ The **patch** part is incremented if multiple releases happen the same month
|
|||
|
||||
* log2mail: task log2mail.yml of evolinux-base converted to a role
|
||||
* lxc-solr: update solr9 version + fix URL in README
|
||||
* evolinux-users, nagios-nrpe: sudoers conf for nagios splitted and moved from evolinux-users to nagios-nrpe
|
||||
* evolinux-base: Customize logcheck recipient when serveur-base is installed
|
||||
|
||||
### Fixed
|
||||
|
|
|
@ -2,5 +2,33 @@ Defaults umask=0077
|
|||
|
||||
Cmnd_Alias MAINT = /usr/share/scripts/evomaintenance.sh, /usr/share/scripts/listupgrade.sh
|
||||
|
||||
nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_procs
|
||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_minifirewall
|
||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_haproxy_stats
|
||||
nagios ALL = NOPASSWD: /usr/sbin/bkctld check
|
||||
nagios ALL = NOPASSWD: /usr/sbin/bkctld check-jails
|
||||
nagios ALL = NOPASSWD: /usr/sbin/bkctld check-setup
|
||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi /var/lib/lxc/php56/rootfs/etc/php5/fpm/pool.d/
|
||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi /var/lib/lxc/php70/rootfs/etc/php/7.0/fpm/pool.d/
|
||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi /var/lib/lxc/php73/rootfs/etc/php/7.3/fpm/pool.d/
|
||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi /var/lib/lxc/php74/rootfs/etc/php/7.4/fpm/pool.d/
|
||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi /var/lib/lxc/php80/rootfs/etc/php/8.0/fpm/pool.d/
|
||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi /var/lib/lxc/php81/rootfs/etc/php/8.1/fpm/pool.d/
|
||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi /var/lib/lxc/php82/rootfs/etc/php/8.2/fpm/pool.d/
|
||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi /var/lib/lxc/php83/rootfs/etc/php/8.3/fpm/pool.d/
|
||||
nagios ALL = NOPASSWD: /usr/sbin/megaclisas-status --nagios
|
||||
nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_ipmi_sensor
|
||||
nagios ALL = NOPASSWD: /sbin/dmsetup status --noflush
|
||||
nagios ALL = NOPASSWD: /sbin/megacli -PDList -aALL -NoLog
|
||||
nagios ALL = NOPASSWD: /sbin/megacli -LdInfo -Lall -aALL -NoLog
|
||||
nagios ALL = NOPASSWD: /sbin/megacli -AdpBbuCmd -GetBbuStatus -aALL -NoLog
|
||||
nagios ALL = NOPASSWD: /sbin/ssacli controller all show status
|
||||
nagios ALL = NOPASSWD: /sbin/ssacli controller slot=0 logicaldrive all show
|
||||
nagios ALL = NOPASSWD: /usr/local/bin/mvcli info -o blk
|
||||
nagios ALL = NOPASSWD: /usr/local/bin/mvcli info -o vd
|
||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_gluster.rb
|
||||
|
||||
nagios ALL = (clamav) NOPASSWD: /usr/bin/clamscan /tmp/safe.txt
|
||||
|
||||
%{{ evolinux_sudo_group }} ALL=(ALL:ALL) ALL
|
||||
%{{ evolinux_sudo_group }} ALL = NOPASSWD: MAINT
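Review bot: Several of the nagios rules restored here name a command with no argument list (`check_procs`, `check_minifirewall`, `check_haproxy_stats`, `check_ipmi_sensor`, `check_gluster.rb`), and sudoers then accepts any arguments, so the nagios account can run those plugins as root with options of its own choosing. Where NRPE always invokes a check the same way, pin the arguments as the `megacli`, `ssacli` and `dmsetup` lines already do. A comment above the block would also help, for example `# nagios: checks run as root; plugin files must be root-owned and not writable by nagios`. Ownership of the files under /usr/local/lib/nagios/plugins is not visible in this commit and needs confirming. The same unpinned lines come back in the second sudoers template further down, the one that declares `User_Alias ADMINS`.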
|
||||
|
|
|
@ -3,5 +3,13 @@ Defaults umask=0077
|
|||
Cmnd_Alias MAINT = /usr/share/scripts/evomaintenance.sh, /usr/share/scripts/listupgrade.sh
|
||||
User_Alias ADMINS = {{ user.name }}
|
||||
|
||||
nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_procs
|
||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_minifirewall
|
||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_haproxy_stats
|
||||
nagios ALL = NOPASSWD: /usr/sbin/bkctld check
|
||||
nagios ALL = NOPASSWD: /usr/sbin/bkctld check-jails
|
||||
nagios ALL = NOPASSWD: /usr/sbin/bkctld check-setup
|
||||
nagios ALL = (clamav) NOPASSWD: /usr/bin/clamscan /tmp/safe.txt
|
||||
|
||||
ADMINS ALL = (ALL:ALL) ALL
|
||||
ADMINS ALL = NOPASSWD: MAINT
|
||||
|
|
|
@ -50,21 +50,16 @@
|
|||
notify: restart nagios-nrpe-server
|
||||
when: nrpe_evolix_cfg.stat.exists
|
||||
|
||||
- name: Is evolinux sudoers installed? (old way)
|
||||
- name: Is evolinux sudoers installed?
|
||||
ansible.builtin.stat:
|
||||
path: /etc/sudoers.d/evolinux
|
||||
register: sudoers_evolinux
|
||||
|
||||
- name: Is nagios sudoers installed?
|
||||
ansible.builtin.stat:
|
||||
path: /etc/sudoers.d/nagios
|
||||
register: sudoers_nagios
|
||||
|
||||
- name: sudo without password for nagios
|
||||
ansible.builtin.lineinfile:
|
||||
dest: /etc/sudoers.d/nagios
|
||||
dest: /etc/sudoers.d/evolinux
|
||||
regexp: 'check_minifirewall'
|
||||
line: 'nagios ALL = NOPASSWD: {{ nagios_plugins_directory }}/check_minifirewall'
|
||||
insertafter: '^nagios'
|
||||
validate: "visudo -cf %s"
|
||||
when: sudoers_evolinux.stat.exists or sudoers_nagios.stat.exists
|
||||
when: sudoers_evolinux.stat.exists
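Review bot: With the `/etc/sudoers.d/nagios` stat and `dest` dropped from this task, nothing in the commit removes that file on hosts where the reverted change had already run, so it would keep granting the nagios NOPASSWD rules outside the template this revert restores. Whether adc79e0d8d was ever deployed cannot be seen from this page; if it was, a cleanup task is needed, e.g. `ansible.builtin.file: {path: /etc/sudoers.d/nagios, state: absent}`. Separately, `validate: "visudo -cf %s"` resolves the binary through PATH, whereas the removed sudoers.yml used `validate: '/usr/sbin/visudo -cf %s'`; the absolute path is the safer form for a task that edits sudoers.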
|
||||
|
|
|
@ -1,27 +0,0 @@
|
|||
nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_procs
|
||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_minifirewall
|
||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_haproxy_stats
|
||||
nagios ALL = NOPASSWD: /usr/sbin/bkctld check
|
||||
nagios ALL = NOPASSWD: /usr/sbin/bkctld check-jails
|
||||
nagios ALL = NOPASSWD: /usr/sbin/bkctld check-setup
|
||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi /var/lib/lxc/php56/rootfs/etc/php5/fpm/pool.d/
|
||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi /var/lib/lxc/php70/rootfs/etc/php/7.0/fpm/pool.d/
|
||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi /var/lib/lxc/php73/rootfs/etc/php/7.3/fpm/pool.d/
|
||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi /var/lib/lxc/php74/rootfs/etc/php/7.4/fpm/pool.d/
|
||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi /var/lib/lxc/php80/rootfs/etc/php/8.0/fpm/pool.d/
|
||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi /var/lib/lxc/php81/rootfs/etc/php/8.1/fpm/pool.d/
|
||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi /var/lib/lxc/php82/rootfs/etc/php/8.2/fpm/pool.d/
|
||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi /var/lib/lxc/php83/rootfs/etc/php/8.3/fpm/pool.d/
|
||||
nagios ALL = NOPASSWD: /usr/sbin/megaclisas-status --nagios
|
||||
nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_ipmi_sensor
|
||||
nagios ALL = NOPASSWD: /sbin/dmsetup status --noflush
|
||||
nagios ALL = NOPASSWD: /sbin/megacli -PDList -aALL -NoLog
|
||||
nagios ALL = NOPASSWD: /sbin/megacli -LdInfo -Lall -aALL -NoLog
|
||||
nagios ALL = NOPASSWD: /sbin/megacli -AdpBbuCmd -GetBbuStatus -aALL -NoLog
|
||||
nagios ALL = NOPASSWD: /sbin/ssacli controller all show status
|
||||
nagios ALL = NOPASSWD: /sbin/ssacli controller slot=0 logicaldrive all show
|
||||
nagios ALL = NOPASSWD: /usr/local/bin/mvcli info -o blk
|
||||
nagios ALL = NOPASSWD: /usr/local/bin/mvcli info -o vd
|
||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_gluster.rb
|
||||
nagios ALL = (clamav) NOPASSWD: /usr/bin/clamscan /tmp/safe.txt
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_procs
|
||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_minifirewall
|
||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_haproxy_stats
|
||||
nagios ALL = NOPASSWD: /usr/sbin/bkctld check
|
||||
nagios ALL = NOPASSWD: /usr/sbin/bkctld check-jails
|
||||
nagios ALL = NOPASSWD: /usr/sbin/bkctld check-setup
|
||||
nagios ALL = (clamav) NOPASSWD: /usr/bin/clamscan /tmp/safe.txt
|
|
@ -91,8 +91,6 @@
|
|||
tags:
|
||||
- nagios-nrpe
|
||||
|
||||
- ansible.builtin.include_tasks: sudoers.yml
|
||||
|
||||
- ansible.builtin.include_tasks: wrapper.yml
|
||||
|
||||
- ansible.builtin.include_tasks: check-local.yml
|
||||
|
|
|
@ -1,28 +0,0 @@
|
|||
---
|
||||
- name: "/etc/sudoers.d presence and permissions"
|
||||
ansible.builtin.file:
|
||||
path: /etc/sudoers.d
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0750"
|
||||
state: directory
|
||||
|
||||
- name: "Copy nagios sudoers conf (Debian 9 Stretch and later)"
|
||||
ansible.builtin.copy:
|
||||
src: sudoers
|
||||
dest: /etc/sudoers.d/nagios
|
||||
mode: "0440"
|
||||
validate: '/usr/sbin/visudo -cf %s'
|
||||
register: copy_sudoers_evolinux
|
||||
when:
|
||||
- ansible_distribution_major_version is defined
|
||||
- ansible_distribution_major_version is version('9', '>=')
|
||||
|
||||
- name: "Copy nagios sudoers conf (Debian 8 Jessie) "
|
||||
ansible.builtin.copy:
|
||||
src: sudoers_jessie
|
||||
dest: /etc/sudoers.d/nagios
|
||||
mode: "0440"
|
||||
validate: '/usr/sbin/visudo -cf %s'
|
||||
register: copy_sudoers_evolinux
|
||||
when: ansible_distribution_release == "jessie"
|
|
@ -45,7 +45,7 @@
|
|||
|
||||
- name: sudo without password for nagios
|
||||
ansible.builtin.lineinfile:
|
||||
dest: /etc/sudoers.d/nagios
|
||||
dest: /etc/sudoers.d/evolinux
|
||||
regexp: 'check_rabbitmq'
|
||||
line: 'nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_rabbitmq'
|
||||
insertafter: '^nagios'
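Review bot: No `validate` is visible on this `lineinfile` task, which now writes into `/etc/sudoers.d/evolinux`, the file that also carries the admin group's rules, so a malformed line there can leave sudo unusable for administrators as well as for nagios. The task body continues outside the hunk, so confirm it ends with `validate: '/usr/sbin/visudo -cf %s'`, as the minifirewall task does with `visudo -cf %s`. The same applies to the three redis hunks below (`check_redis$` twice and `check_redis_instances$`); two of them render `{{ redis_check_redis_path }}` into the rule, so that variable should only ever point at a root-owned path.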
|
||||
|
|
|
@ -45,7 +45,7 @@
|
|||
|
||||
- name: sudo without password for nagios
|
||||
ansible.builtin.lineinfile:
|
||||
dest: /etc/sudoers.d/nagios
|
||||
dest: /etc/sudoers.d/evolinux
|
||||
regexp: 'check_redis$'
|
||||
line: 'nagios ALL = NOPASSWD: {{ redis_check_redis_path }}'
|
||||
insertafter: '^nagios'
|
||||
|
@ -69,7 +69,7 @@
|
|||
|
||||
- name: sudo without password for nagios
|
||||
ansible.builtin.lineinfile:
|
||||
dest: /etc/sudoers.d/nagios
|
||||
dest: /etc/sudoers.d/evolinux
|
||||
regexp: 'check_redis$'
|
||||
line: 'nagios ALL = NOPASSWD: {{ redis_check_redis_path }}'
|
||||
insertafter: '^nagios'
|
||||
|
@ -108,7 +108,7 @@
|
|||
|
||||
- name: sudo without password for nagios
|
||||
ansible.builtin.lineinfile:
|
||||
dest: /etc/sudoers.d/nagios
|
||||
dest: /etc/sudoers.d/evolinux
|
||||
regexp: 'check_redis_instances$'
|
||||
line: 'nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_redis_instances'
|
||||
insertafter: '^nagios'
|
||||
|
|