From c3ab4a86d738dd5d84c37045ec38f897e1a71ae8 Mon Sep 17 00:00:00 2001 From: Ludovic Cartier Date: Tue, 17 Dec 2024 17:26:32 +0100 Subject: [PATCH] cleanup --- defaults/main.yml | 24 +++++++---- tasks/main.yml | 47 ++++++++++++++++++++- tasks/nrpe.yml | 42 ------------------- templates/nrpe.j2 | 87 ++++++++++++++++++++++++++------------- templates/nrpe.sudoers.j2 | 5 ++- 5 files changed, 121 insertions(+), 84 deletions(-) delete mode 100644 tasks/nrpe.yml
diff --git a/defaults/main.yml b/defaults/main.yml
index 45ea4af..6edc3ae 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,20 +1,26 @@
 ---
-nrpe_allowed_hosts: '127.0.0.1,212.85.154.82,51.158.69.165'
+nrpe_allowed_hosts: '127.0.0.1,51.158.69.165'
-nrpe_load_warning: '`cat /proc/cpuinfo |grep -c processor`'
-nrpe_load_critical: '`echo "$(($(cat /proc/cpuinfo |grep -c processor) * 2 ))"`'
+nrpe_load_warning: "{{ ansible_processor_cores|int }}"
+nrpe_load_critical: "{{ (ansible_processor_cores * 2)|int }}"
 nrpe_memory_warning: 80
 nrpe_memory_critical: 90
-nrpe_swap_warning: 40
-nrpe_swap_critical: 60
+nrpe_swap_warning: 70
+nrpe_swap_critical: 80
-nrpe_exim_warning: 10
-nrpe_exim_critical: 20
+nrpe_mailq_warning: 10
+nrpe_mailq_critical: 20
-nrpe_postfix_warning: 10
-nrpe_postfix_critical: 20
+nrpe_smtp_host: localhost
 nrpe_eth_warning: '12M'
 nrpe_eth_critical: '15M'
+
+nrpe_postgresql_host: locahost
+nrpe_postgresql_port: 5432
+nrpe_postgresql_user: nagios
+nrpe_postgresql_password: changeme_
+nrpe_postgresql_backend_warning: 75
+nrpe_postgresql_backend_critical: 90
diff --git a/tasks/main.yml b/tasks/main.yml
index 1f4d36e..844cac4 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
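Review bot: `nrpe_postgresql_host: locahost` in defaults/main.yml is misspelled, so any host that enables the PostgreSQL checks without overriding it gets `-H locahost` rendered into its NRPE commands; it should read `nrpe_postgresql_host: localhost`. The shipped default `nrpe_postgresql_password: changeme_` is a placeholder that will render silently into a live config; I would drop the default so the template fails when the variable is unset, and keep the real value in a vault-encrypted variable. Separately, `ansible_processor_cores` is, as far as I know, the per-socket core count, whereas the removed shell snippet counted every `processor` entry in /proc/cpuinfo; `ansible_processor_vcpus` is the closer equivalent if the load thresholds are meant to stay the same on multi-socket or hyper-threaded hosts.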
@@ -1,3 +1,46 @@
 ---
-- name: "monitoring | install nrpe"
- include: nrpe.yml
+- name: nrpe | apt update cache
+ apt:
+ update_cache: yes
+ cache_valid_time: 86400 #One day
+
+- name: nrpe | install nrpe packages
+ apt:
+ name: "{{ item }}"
+ update_cache: true
+ state: present
+ with_items:
+ - nagios-nrpe-server
+ - monitoring-plugins
+ - monitoring-plugins-basic
+ - monitoring-plugins-common
+ - monitoring-plugins-standard
+ - libmonitoring-plugin-perl
+
+- name: nrpe | copy nrpe configuration
+ template:
+ src: "nrpe.j2"
+ dest: "/etc/nagios/nrpe.d/brainsys.cfg"
+ mode: "0644"
+ force: yes
+ backup: yes
+ notify:
+ - restart nagios-nrpe-server
+
+- name: nrpe | copy nrpe plugins
+ copy:
+ src: nrpe/
+ dest: /usr/lib/nagios/plugins
+ mode: 0755
+
+- name: nrpe | restart nagios-nrpe-server
+ systemd:
+ state: restarted
+ name: nagios-nrpe-server
+
+- name: nrpe | allow nagios user to specific sudo
+ template:
+ src: nrpe.sudoers.j2
+ dest: /etc/sudoers.d/nrpe
+ validate: 'visudo -cf %s'
+ mode: 0440
diff --git a/tasks/nrpe.yml b/tasks/nrpe.yml
deleted file mode 100644
index d54a6c4..0000000
--- a/tasks/nrpe.yml
+++ /dev/null
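Review bot: In tasks/main.yml the rendered `/etc/nagios/nrpe.d/brainsys.cfg` is installed with `mode: "0644"`, yet the template in this same commit writes the MySQL and PostgreSQL passwords into it, so every local account can read them, and `backup: yes` leaves older copies beside it. Setting `owner: root`, `group: nagios` and `mode: "0640"` on that task would limit reading to the NRPE daemon (group name assumed from the `nagios` user in the sudoers template). The new `notify: restart nagios-nrpe-server` needs a handler of that name and no handlers file is part of this diff; if the handler exists, the unconditional `nrpe | restart nagios-nrpe-server` task becomes redundant and restarts the daemon on every run. The plugin copy would also benefit from explicit `owner: root` / `group: root` and a quoted `mode: "0755"`, since some of those plugins are executed through sudo.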
@@ -1,42 +0,0 @@
----
-- name: nrpe | apt update cache
- apt:
- update_cache: yes
- cache_valid_time: 86400 #One day
-
-- name: nrpe | install nrpe packages
- apt:
- name: "{{ item }}"
- update_cache: true
- state: present
- with_items:
- - nagios-nrpe-server
- - libmonitoring-plugin-perl
- - monitoring-plugins-standard
- - libdbd-mysql-perl
-
-- name: nrpe | copy nrpe configuration
- template:
- src: "nrpe.j2"
- dest: "/etc/nagios/nrpe.d/brainsys.cfg"
- mode: "0644"
- force: yes
- backup: yes
-
-- name: nrpe | copy nrpe plugins
- copy:
- src: nrpe/
- dest: /usr/lib/nagios/plugins
- mode: 0755
-
-- name: nrpe | restart nagios-nrpe-server
- systemd:
- state: restarted
- name: nagios-nrpe-server
-
-- name: nrpe | allow nagios user to specific sudo
- template:
- src: nrpe.sudoers.j2
- dest: /etc/sudoers.d/nrpe
- validate: 'visudo -cf %s'
- mode: 0440
diff --git a/templates/nrpe.j2 b/templates/nrpe.j2
index 6e8a418..8e3740e 100644
--- a/templates/nrpe.j2
+++ b/templates/nrpe.j2
@@ -1,51 +1,80 @@
+# Ansible managed - DO NOT EDIT MANUALLY !
 allowed_hosts={{ nrpe_allowed_hosts }}
 dont_blame_nrpe=1
+# base
 command[check_load]=/usr/lib/nagios/plugins/check_load -w {{ nrpe_load_warning }} -c {{ nrpe_load_critical }}
-command[check_memory]=/usr/lib/nagios/plugins/check_memory -w {{ nrpe_memory_warning }} -c {{ nrpe_memory_critical }} -W {{ nrpe_swap_warning }} -C {{ nrpe_swap_critical }}
-command[check_mailq]=/usr/bin/sudo /usr/lib/nagios/plugins/check_postfix_mailqueue -w {{ nrpe_postfix_warning }} -c {{ nrpe_postfix_critical }}
-command[check_smtp]=/usr/lib/nagios/plugins/check_tcp -p 25
+command[check_memory]=/usr/lib/nagios/plugins/check_memory -w {{ nrpe_memory_warning }} -c {{ nrpe_memory_critical }} -W {{ nrpe_swap_warning }} -C {{ nrpe_swap_critical }}
 command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 5 -c 10 -s Z
 command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 500 -c 800
 command[check_process]=/usr/lib/nagios/plugins/check_process
 command[check_dns]=/usr/lib/nagios/plugins/check_dns -H google.com
-command[check_ssl]=/usr/lib/nagios/plugins/check_http --sni 'www.brainsys.io' -C 14,3
-command[check_eth]=/usr/lib/nagios/plugins/check_eth -i {{ ansible_default_ipv4.interface }} -w {{ nrpe_eth_warning }} -c {{ nrpe_eth_critical }}
+{% if nrpe_ssl_host is defined %}
+command[check_ssl]=/usr/lib/nagios/plugins/check_http --sni '{{ nrpe_ssl_host }}' -C 14,3
+{% endif %}
+command[check_eth]=/usr/lib/nagios/plugins/check_eth -i {{ ansible_default_ipv4.interface }} -w 12M -c 15M
 command[check_proc_fail2ban]=/usr/lib/nagios/plugins/check_procs -a fail2ban -w 1: -c 1:
 command[check_proc_age]=/usr/lib/nagios/plugins/check_proc_age -p -w 400 -c 600
 # disk
 # -w space warning / -c space critical / -W inode warning / -K inode criticak / -C reset after
-command[check_disk_advanced]=/usr/lib/nagios/plugins/check_disk_advanced -x /lib/init/rw -x /sys -x /dev/shm -X tmpfs -X nsfs -X proc -X sysfs -X devtmpfs -X overlay -X tracefs -w 10% -c 3% -W 10% -K 3% -H
+command[check_disk]=/usr/lib/nagios/plugins/check_disk -x /lib/init/rw -x /dev -x /dev/shm -x /sys -x /proc -X tmpfs -w 10% -c 3% -W 10% -K 3% -A -I '^/dev/loop.*$' -I '^/run/docker/.*$' -X overlay -x /sys/kernel/debug/tracing
+# -w space warning / -c space critical / -W inode warning / -K inode criticak / -C reset after
+command[check_disk_advanced]=/usr/lib/nagios/plugins/check_disk_advanced -x /lib/init/rw -x /run -x /sys -x /dev/shm -X tmpfs -X nsfs -X overlay -X fuse -X proc -X sysfs -X devtmpfs -w 10% -c 3% -W 10% -K 3% -H
 command[check_disk_root]=/usr/lib/nagios/plugins/check_disk -w 30% -W 30% -c 10% -K 10% -p /
 command[check_rw_root]=/usr/lib/nagios/plugins/check_rofs /
+{% if nrpe_disk is defined %}
+{% for target in nrpe_disk %}
 command[check_disk_data]=/usr/lib/nagios/plugins/check_disk -w 30% -W 30% -c 10% -K 10% -p /data
 command[check_rw_data]=/usr/lib/nagios/plugins/check_rofs /data
+{% endfor %}
+{% endif %}
+{% if nrpe_mysql is defined %}
 # mysql
-command[check_mysql]=/usr/lib/nagios/plugins/check_mysql -u nagios -pBu[VetFeifoipVithlok2odHabrAiltAjHavciUjRi -d mysql -H 127.0.0.1
-command[check_mysql_longqueries]=/usr/lib/nagios/plugins/check_mysql_longqueries -u nagios -pBu[VetFeifoipVithlok2odHabrAiltAjHavciUjRi -H 127.0.0.1 -w 600 -c 1200
+command[check_mysql]=/usr/lib/nagios/plugins/check_mysql -u {{ nrpe_mysql_user }} -p{{ nrpe_mysql_password }} -H {{ nrpe_mysql_host }} -d mysql
+command[check_mysql_longqueries]=/usr/lib/nagios/plugins/check_mysql_longqueries -u {{ nrpe_mysql_user }} -p{{ nrpe_mysql_password }} -H {{ nrpe_mysql_host }} -w 600 -c 1200
+{% endif %}
+{% if nrpe_postgresql is defined %}
 # postgresql
-command[check_pgsql_port]=/usr/lib/nagios/plugins/check_tcp -p 5432
-command[check_pgsql_connection]=/usr/lib/nagios/plugins/check_postgresql -H 127.0.0.1 -p 5432 --dbuser=nagios --dbpass=uDUTHt14FC3w4cE9vRk4XyZFD3KWlx --action=connection
-command[check_pgsql_backends]=/usr/lib/nagios/plugins/check_postgresql -H 127.0.0.1 -p 5432 --dbuser=nagios --dbpass=uDUTHt14FC3w4cE9vRk4XyZFD3KWlx --action=backends -w 175 -c 190
-
-# raid
-command[check_mdadm]=/usr/lib/nagios/plugins/check_mdadm
-command[check_3ware]=/usr/bin/sudo /usr/lib/nagios/plugins/check_3ware
-
-# services
-command[check_proc_docker]=/usr/lib/nagios/plugins/check_systemd_service docker
-command[check_proc_haproxy]=/usr/lib/nagios/plugins/check_systemd_service haproxy
-command[check_proc_nginx]=/usr/lib/nagios/plugins/check_systemd_service nginx
-command[check_proc_php5.6]=/usr/lib/nagios/plugins/check_systemd_service php5.6-fpm
-command[check_proc_php7.0]=/usr/lib/nagios/plugins/check_systemd_service php7.0-fpm
-command[check_proc_php7.1]=/usr/lib/nagios/plugins/check_systemd_service php7.1-fpm
-command[check_proc_php7.2]=/usr/lib/nagios/plugins/check_systemd_service php7.2-fpm
-command[check_proc_php7.3]=/usr/lib/nagios/plugins/check_systemd_service php7.3-fpm
-command[check_proc_php7.4]=/usr/lib/nagios/plugins/check_systemd_service php7.4-fpm
-command[check_proc_php8.0]=/usr/lib/nagios/plugins/check_systemd_service php8.0-fpm
-command[check_proc_php8.1]=/usr/lib/nagios/plugins/check_systemd_service php8.1-fpm
-command[check_proc_mysql]=/usr/lib/nagios/plugins/check_systemd_service mysql
+command[check_pgsql_port]=/usr/lib/nagios/plugins/check_tcp -p {{ nrpe_postgresql_port }}
 command[check_proc_postgresql]=/usr/lib/nagios/plugins/check_systemd_service postgresql
+command[check_pgsql_connection]=/usr/lib/nagios/plugins/check_postgresql -H {{ nrpe_postgresql_host }} -p {{ nrpe_postgresql_port }} --dbuser={{ nrpe_postgresql_user }} --dbpass={{ nrpe_postgresql_password }} --action=connection
+command[check_pgsql_backends]=/usr/lib/nagios/plugins/check_postgresql -H {{ nrpe_postgresql_host }} -p {{ nrpe_postgresql_port }} --dbuser={{ nrpe_postgresql_user }} --dbpass={{ nrpe_postgresql_password }} --action=backends -w {{ nrpe_postgresql_backend_warning }} -c {{ nrpe_postgresql_backend_critical }}
+{% endif %}
+
+{% if nrpe_mail is defined %}
+# mail
+command[check_smtp]=/usr/lib/nagios/plugins/check_tcp -p 25 -H {{ nrpe_smtp_host }}
+{% endif %}
+{% if nrpe_mail_service is defined %}
+{% if nrpe_mail_service == 'postfix' %}
+command[check_mailq]=/usr/bin/sudo /usr/lib/nagios/plugins/check_postfix_mailqueue -w {{ nrpe_mailq_warning }} -c {{ nrpe_mailq_critical }}
+{% elif nrpe_mail_service == 'exim' %}
+command[check_mailq]=/usr/bin/sudo /usr/lib/nagios/plugins/check_exim_mailqueue -w {{ nrpe_mailq_warning }} -c {{ nrpe_mailq_critical }}
+{% endif %}
+{% endif %}
+
+{% if nrpe_raid_soft is defined %}
+command[check_mdadm]=/usr/lib/nagios/plugins/check_mdadm
+{% endif %}
+{% if nrpe_raid_3ware is defined %}
+command[check_3ware]=/usr/bin/sudo /usr/lib/nagios/plugins/check_3ware
+{% endif %}
+{% if nrpe_raid is defined %}
+command[check_3ware]=/usr/bin/sudo /usr/lib/nagios/plugins/check_raid
+{% endif %}
+
+{% if nrpe_docker_container is defined %}
+{% for container in nrpe_docker_container %}
+command[check_docker_{{ container }}]=/usr/lib/nagios/plugins/check_docker --containers {{ container }}.* --status running --restarts 2:5 --present
+{% endfor %}
+{% endif %}
+
+{% if nrpe_process is defined %}
+{% for process in nrpe_process %}
+command[check_proc_{{ process }}]=/usr/lib/nagios/plugins/check_systemd_service {{ process }}
+{% endfor %}
+{% endif %}
+
diff --git a/templates/nrpe.sudoers.j2 b/templates/nrpe.sudoers.j2
index 55f6aa3..543c886 100644
--- a/templates/nrpe.sudoers.j2
+++ b/templates/nrpe.sudoers.j2
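Review bot: The database passwords in templates/nrpe.j2 are interpolated bare into the command lines (`-p{{ nrpe_mysql_password }}`, `--dbpass={{ nrpe_postgresql_password }}`), so a value containing a space or a shell metacharacter changes the command that gets run (assuming NRPE hands the line to a shell, as it does by default), and the password sits in the process list while the check executes. At minimum pass them through the `quote` filter, e.g. `--dbpass={{ nrpe_postgresql_password | quote }}`, and prefer a root-owned credentials or option file where the plugin supports one. The literal passwords on the removed lines stay in repository history, so they should be rotated rather than treated as gone. As far as this diff shows, `nrpe_mysql_user`, `nrpe_mysql_password` and `nrpe_mysql_host` have no defaults, so defining `nrpe_mysql` alone makes the template fail on an undefined variable. Two logic slips as well: the `{% for target in nrpe_disk %}` body never uses `target` and emits the same `check_disk_data`/`check_rw_data` pair for `/data` on every pass, and the `nrpe_raid` branch defines `command[check_3ware]` a second time where `command[check_raid]` looks intended.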
@@ -1,2 +1,3 @@
-nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/check_postfix_mailqueue -w {{ nrpe_postfix_warning }} -c {{ nrpe_postfix_critical }}
-nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/check_exim_mailqueue -w {{ nrpe_exim_warning }} -c {{ nrpe_exim_critical }}
+nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/check_postfix_mailqueue -w {{ nrpe_mailq_warning }} -c {{ nrpe_mailq_critical }}
+nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/check_exim_mailqueue -w {{ nrpe_mailq_warning }} -c {{ nrpe_mailq_critical }}
+nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/check_raid
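Review bot: The new rule `nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/check_raid` in templates/nrpe.sudoers.j2 lists no arguments, which in sudoers means any arguments are accepted, and `(ALL)` lets nagios choose any target user. `nagios ALL=(root) NOPASSWD: /usr/lib/nagios/plugins/check_raid ""` restricts it to the argument-less invocation that nrpe.j2 actually uses. Because every plugin named here runs as root, each must stay root-owned and not writable by the nagios account; the ownership set by the plugin copy task is not explicit in this commit. nrpe.j2 also calls `/usr/bin/sudo /usr/lib/nagios/plugins/check_3ware` when `nrpe_raid_3ware` is defined, but this file has no rule for check_3ware, so that check will presumably fail on a password prompt.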