diff --git a/nagios-nrpe/README.md b/nagios-nrpe/README.md index 6d72920e..c52cab05 100644 --- a/nagios-nrpe/README.md +++ b/nagios-nrpe/README.md @@ -12,3 +12,9 @@ Everything is in the `tasks/main.yml` file. * `nagios_nrpe_force_update_allowed_hosts` : force update list of allowed hosts (default: `False`) The full list of variables (with default values) can be found in `defaults/main.yml`. + +## Available tags + +* `nagios-nrpe` : install Nagios and plugins (idempotent) +* `nagios-plugins` : install only plugins (idempotent) + diff --git a/nagios-nrpe/files/plugins/check_domains b/nagios-nrpe/files/plugins/check_domains new file mode 100755 index 00000000..23f48022 --- /dev/null +++ b/nagios-nrpe/files/plugins/check_domains @@ -0,0 +1,14 @@ +#!/usr/bin/bash +# +# Check domains using script inspect-domains. +# +# Written by Will +# + +if ! command -v inspect-domains >/dev/null; then + echo 'UNKNOWN - Missing dependency inspect-domains.' + exit 3 +fi + +inspect-domains -o nrpe -a check-dns + diff --git a/nagios-nrpe/tasks/configure_check_domains.yml b/nagios-nrpe/tasks/configure_check_domains.yml new file mode 100644 index 00000000..0d81b652 --- /dev/null +++ b/nagios-nrpe/tasks/configure_check_domains.yml @@ -0,0 +1,25 @@ +- name: Install check_domains dependency + include_role: + name: inspect-domains + +- name: Configure check_domains in /etc/nagios/nrpe.d/evolix.cfg + ansible.builtin.lineinfile: + path: /etc/nagios/nrpe.d/evolix.cfg + regexp: '^command\[check_domains\]=' + line: command[check_domains]=sudo {{ nagios_plugins_directory }}/check_domains + notify: restart nagios-nrpe-server + +- name: Is evolinux sudoers installed? + ansible.builtin.stat: + path: /etc/sudoers.d/evolinux + register: sudoers_evolinux + +- name: Allow nagios user to execute check_domains without sudo password + ansible.builtin.lineinfile: + path: /etc/sudoers.d/evolinux + regexp: 'check_domains' + line: 'nagios ALL = NOPASSWD: {{ nagios_plugins_directory }}/check_domains' + insertafter: '^nagios' + validate: "visudo -cf %s" + when: sudoers_evolinux.stat.exists + diff --git a/nagios-nrpe/tasks/main.yml b/nagios-nrpe/tasks/main.yml index 77770020..28ab11a9 100644 --- a/nagios-nrpe/tasks/main.yml +++ b/nagios-nrpe/tasks/main.yml @@ -22,6 +22,7 @@ - ansible_distribution == "Debian" - ansible_distribution_major_version is version('10', '>=') tags: + - nagios-nrpe - nagios-plugins - name: custom configuration is present diff --git a/nagios-nrpe/templates/evolix.cfg.j2 b/nagios-nrpe/templates/evolix.cfg.j2 index ae0e0abd..7546f2bc 100644 --- a/nagios-nrpe/templates/evolix.cfg.j2 +++ b/nagios-nrpe/templates/evolix.cfg.j2 @@ -47,6 +47,7 @@ command[check_proxy]=/usr/lib/nagios/plugins/check_http -H {{ nagios_nrpe_check_ command[check_redis]=/usr/lib/nagios/plugins/check_tcp -p 6379 command[check_clamd]=/usr/lib/nagios/plugins/check_clamd -H /var/run/clamav/clamd.ctl -v command[check_clamav_db]=/usr/lib/nagios/plugins/check_file_age -w 86400 -c 172800 -f /var/lib/clamav/evolix.ndb +command[check_domains]=sudo {{ nagios_plugins_directory }}/check_domains command[check_ssl]=/usr/lib/nagios/plugins/check_http -f follow -I 127.0.0.1 -S -p 443 -H ssl.evolix.net -C 15,5 command[check_ssl_local]={{ nagios_plugins_directory }}/check_ssl_local command[check_elasticsearch]=/usr/lib/nagios/plugins/check_http -I 127.0.0.1 -u /_cat/health?h=st -p 9200 -r 'red' --invert-regex