Ansible nagios-client role
<yambe:breadcrumb>Ansible_roles|Ansible roles</yambe:breadcrumb>
ansible nagios-client role
Nagios client role for configuring appropriate nrpe so that nagios-servers can monitor swap, total processes, disk, zombie processes, users, load, etc. for a client can be configured using:
Create roles/nagios-client/{files,handlers,tasks,templates} folder using:
mkdir -p roles/nagios-client/{files,handlers,tasks,templates}
Change working directory to roles/nagios-client
cd roles/nagios-client
Create files/client.nagios.conf empty file
Create files/localhost.cfg empty file
Create handlers/main.yaml file with following contents:
--- - name: restart nrpe # service: name=nrpe state=restarted enabled=yes shell: service xinetd restart; service nrpe restart
Here xinetd restart is required to ensure "nrpe" from xinetd is disabled before direct nrpe service is started.
Create tasks/main.yaml file with following contents:
--- - name: Install epel-repository yum: name=epel-release state=present - name: Install necessary packages yum: name={{item}} state=present with_items: - nagios-plugins-all # - nagios-plugins-fts - pnp4nagios - nagios-nrpe - name: Edit the nrpe.conf file to allow remote connectivity template: src=nrpe.cfg dest=/etc/nagios/nrpe.cfg notify: - restart nrpe - name: Disable nrpe through xinetd lineinfile: dest=/etc/xinetd.d/nrpe line="disable = yes" regexp="disable" ignore_errors: yes #This is commented as this would break nagios-server, if nagios-server is configured both as nagios-server and nagios-client for redundancy #- name: Copy the nagios.conf file # copy: src=client.nagios.conf dest=/etc/httpd/conf.d/nagios.conf mode=644 - name: Replace existing localhost.cfg file with emtpy file copy: src=localhost.cfg dest="/etc/nagios/objects/localhost.cfg" owner=root group=nagios mode=644 - name: Start the nrpe service service: name={{item}} state=started enabled=yes with_items: - nrpe
Create templates/nrpe.cfg with following contents:
log_facility=daemon pid_file=/var/run/nrpe/nrpe.pid server_port=5666 #server_address=127.0.0.1 nrpe_user=nrpe nrpe_group=nrpe allowed_hosts=127.0.0.1 {% for server1 in nagios_servers %} allowed_hosts={{server1}} {% endfor %} # Values: 0=do not allow arguments, 1=allow command arguments dont_blame_nrpe=0 # Values: 0=do not allow bash command substitutions, # 1=allow bash command substitutions allow_bash_command_substitution=0 # command_prefix=/usr/bin/sudo # Values: 0=debugging off, 1=debugging on debug=0 command_timeout=60 connection_timeout=300 # Values: 0=only seed from /dev/[u]random, 1=also seed from weak randomness #allow_weak_random_seed=1 #include=<somefile.cfg> command[check_users]=/usr/lib64/nagios/plugins/check_users -w 5 -c 10 command[check_load]=/usr/lib64/nagios/plugins/check_load -w 15,10,5 -c 30,25,20 command[check_disk]=/usr/lib64/nagios/plugins/check_disk -w 20% -c 10% command[check_swap]=/usr/lib64/nagios/plugins/check_swap -w 70% -c 50% command[check_zombie_procs]=/usr/lib64/nagios/plugins/check_procs -w 5 -c 10 -s Z command[check_total_procs]=/usr/lib64/nagios/plugins/check_procs -w 150 -c 200 # The following examples allow user-supplied arguments and can # only be used if the NRPE daemon was compiled with support for # command arguments *AND* the dont_blame_nrpe directive in this # config file is set to '1'. This poses a potential security risk, so # make sure you read the SECURITY file before doing this. #command[check_users]=/usr/lib64/nagios/plugins/check_users -w $ARG1$ -c $ARG2$ #command[check_load]=/usr/lib64/nagios/plugins/check_load -w $ARG1$ -c $ARG2$ #command[check_disk]=/usr/lib64/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$ #command[check_procs]=/usr/lib64/nagios/plugins/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$ # INCLUDE CONFIG DIRECTORY (.cfg files) include_dir=/etc/nrpe.d/
Finally following variables need to be defined either in common_vars, or in vars/main.yaml of nagios-client role or in nagios-client playbook:
nagios_servers: - 10.4.21.12 - 10.4.21.13
IPs are preferable as these go into nrpe.cfg to ensure that nrpe answers queries only from these IPs
<yambe:breadcrumb>Ansible_roles|Ansible roles</yambe:breadcrumb>