cleanup

2024-12-17 17:26:32 +01:00 · 2024-12-17 17:26:32 +01:00 · c3ab4a86d7
commit c3ab4a86d7
parent 85029a0f01
5 changed files with 121 additions and 84 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -1,20 +1,26 @@
 ---
-nrpe_allowed_hosts: '127.0.0.1,212.85.154.82,51.158.69.165'
+nrpe_allowed_hosts: '127.0.0.1,51.158.69.165'

-nrpe_load_warning: '`cat /proc/cpuinfo |grep -c processor`'
-nrpe_load_critical: '`echo "$(($(cat /proc/cpuinfo |grep -c processor) * 2 ))"`'
+nrpe_load_warning: "{{ ansible_processor_cores|int }}"
+nrpe_load_critical: "{{ (ansible_processor_cores * 2)|int }}"

 nrpe_memory_warning: 80
 nrpe_memory_critical: 90

-nrpe_swap_warning: 40
-nrpe_swap_critical: 60
+nrpe_swap_warning: 70
+nrpe_swap_critical: 80

-nrpe_exim_warning: 10
-nrpe_exim_critical: 20
+nrpe_mailq_warning: 10
+nrpe_mailq_critical: 20

-nrpe_postfix_warning: 10
-nrpe_postfix_critical: 20
+nrpe_smtp_host: localhost

 nrpe_eth_warning: '12M'
 nrpe_eth_critical: '15M'
+
+nrpe_postgresql_host: locahost
+nrpe_postgresql_port: 5432
+nrpe_postgresql_user: nagios
+nrpe_postgresql_password: changeme_
+nrpe_postgresql_backend_warning: 75
+nrpe_postgresql_backend_critical: 90
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -1,3 +1,46 @@
 ---
- name: "monitoring | install nrpe"
-  include: nrpe.yml
+- name: nrpe | apt update cache
+  apt:
+    update_cache: yes
+    cache_valid_time: 86400 #One day
+
+- name: nrpe | install nrpe packages
+  apt:
+    name: "{{ item }}"
+    update_cache: true
+    state: present
+  with_items:
+    - nagios-nrpe-server
+    - monitoring-plugins
+    - monitoring-plugins-basic
+    - monitoring-plugins-common
+    - monitoring-plugins-standard
+    - libmonitoring-plugin-perl
+
+- name: nrpe | copy nrpe configuration
+  template:
+    src: "nrpe.j2"
+    dest: "/etc/nagios/nrpe.d/brainsys.cfg"
+    mode: "0644"
+    force: yes
+    backup: yes
+  notify:
+    - restart nagios-nrpe-server
+
+- name: nrpe | copy nrpe plugins
+  copy:
+    src: nrpe/
+    dest: /usr/lib/nagios/plugins
+    mode: 0755
+
+- name: nrpe | restart nagios-nrpe-server
+  systemd:
+    state: restarted
+    name: nagios-nrpe-server
+
+- name: nrpe | allow nagios user to specific sudo
+  template:
+    src: nrpe.sudoers.j2
+    dest: /etc/sudoers.d/nrpe
+    validate: 'visudo -cf %s'
+    mode: 0440
--- a/tasks/nrpe.yml
+++ b/tasks/nrpe.yml
@ -1,42 +0,0 @@
---
- name: nrpe | apt update cache
-  apt:
-    update_cache: yes
-    cache_valid_time: 86400 #One day
-
- name: nrpe | install nrpe packages
-  apt:
-    name: "{{ item }}"
-    update_cache: true
-    state: present
-  with_items:
-    - nagios-nrpe-server
-    - libmonitoring-plugin-perl
-    - monitoring-plugins-standard
-    - libdbd-mysql-perl
-
- name: nrpe | copy nrpe configuration
-  template:
-    src: "nrpe.j2"
-    dest: "/etc/nagios/nrpe.d/brainsys.cfg"
-    mode: "0644"
-    force: yes
-    backup: yes
-
- name: nrpe | copy nrpe plugins
-  copy:
-    src: nrpe/
-    dest: /usr/lib/nagios/plugins
-    mode: 0755
-
- name: nrpe | restart nagios-nrpe-server
-  systemd:
-    state: restarted
-    name: nagios-nrpe-server
-
- name: nrpe | allow nagios user to specific sudo
-  template:
-    src: nrpe.sudoers.j2
-    dest: /etc/sudoers.d/nrpe
-    validate: 'visudo -cf %s'
-    mode: 0440
--- a/templates/nrpe.j2
+++ b/templates/nrpe.j2
@ -1,51 +1,80 @@
+#  Ansible managed - DO NOT EDIT MANUALLY !
 allowed_hosts={{ nrpe_allowed_hosts }}
 dont_blame_nrpe=1

+# base
 command[check_load]=/usr/lib/nagios/plugins/check_load -w {{ nrpe_load_warning }} -c {{ nrpe_load_critical }}
-command[check_memory]=/usr/lib/nagios/plugins/check_memory -w {{ nrpe_memory_warning }} -c {{ nrpe_memory_critical }} -W {{ nrpe_swap_warning }} -C {{ nrpe_swap_critical }}
-command[check_mailq]=/usr/bin/sudo /usr/lib/nagios/plugins/check_postfix_mailqueue -w {{ nrpe_postfix_warning }} -c {{ nrpe_postfix_critical }}
-command[check_smtp]=/usr/lib/nagios/plugins/check_tcp -p 25
+command[check_memory]=/usr/lib/nagios/plugins/check_memory -w {{ nrpe_memory_warning }} -c {{ nrpe_memory_critical }} -W {{ nrpe_swap_warning }} -C {{ nrpe_swap_critical }}
 command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 5 -c 10 -s Z
 command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 500 -c 800
 command[check_process]=/usr/lib/nagios/plugins/check_process
 command[check_dns]=/usr/lib/nagios/plugins/check_dns -H google.com
-command[check_ssl]=/usr/lib/nagios/plugins/check_http --sni 'www.brainsys.io' -C 14,3
-command[check_eth]=/usr/lib/nagios/plugins/check_eth -i {{ ansible_default_ipv4.interface }} -w {{ nrpe_eth_warning }} -c {{ nrpe_eth_critical }}
+{% if nrpe_ssl_host is defined %}
+command[check_ssl]=/usr/lib/nagios/plugins/check_http --sni '{{ nrpe_ssl_host }}' -C 14,3
+{% endif %}
+command[check_eth]=/usr/lib/nagios/plugins/check_eth -i {{ ansible_default_ipv4.interface }} -w 12M -c 15M
 command[check_proc_fail2ban]=/usr/lib/nagios/plugins/check_procs -a fail2ban -w 1: -c 1:
 command[check_proc_age]=/usr/lib/nagios/plugins/check_proc_age -p <proc> -w 400 -c 600

 # disk
 # -w space warning / -c space critical / -W inode warning / -K inode criticak / -C reset after
-command[check_disk_advanced]=/usr/lib/nagios/plugins/check_disk_advanced -x /lib/init/rw -x /sys -x /dev/shm -X tmpfs -X nsfs -X proc -X sysfs -X devtmpfs -X overlay -X tracefs -w 10% -c 3% -W 10% -K 3% -H
+command[check_disk]=/usr/lib/nagios/plugins/check_disk -x /lib/init/rw -x /dev -x /dev/shm -x /sys -x /proc -X tmpfs -w 10% -c 3% -W 10% -K 3% -A -I '^/dev/loop.*$' -I '^/run/docker/.*$' -X overlay -x /sys/kernel/debug/tracing
+# -w space warning / -c space critical / -W inode warning / -K inode criticak / -C reset after
+command[check_disk_advanced]=/usr/lib/nagios/plugins/check_disk_advanced -x /lib/init/rw -x /run -x /sys -x /dev/shm -X tmpfs -X nsfs -X overlay -X fuse -X proc -X sysfs -X devtmpfs -w 10% -c 3% -W 10% -K 3% -H
 command[check_disk_root]=/usr/lib/nagios/plugins/check_disk -w 30% -W 30% -c 10% -K 10% -p /
 command[check_rw_root]=/usr/lib/nagios/plugins/check_rofs /
+{% if nrpe_disk is defined %}
+{% for target in nrpe_disk %}
 command[check_disk_data]=/usr/lib/nagios/plugins/check_disk -w 30% -W 30% -c 10% -K 10% -p /data
 command[check_rw_data]=/usr/lib/nagios/plugins/check_rofs /data
+{% endfor %}
+{% endif %}

+{% if nrpe_mysql is defined %}
 # mysql
-command[check_mysql]=/usr/lib/nagios/plugins/check_mysql -u nagios -pBu[VetFeifoipVithlok2odHabrAiltAjHavciUjRi -d mysql -H 127.0.0.1
-command[check_mysql_longqueries]=/usr/lib/nagios/plugins/check_mysql_longqueries -u nagios -pBu[VetFeifoipVithlok2odHabrAiltAjHavciUjRi -H 127.0.0.1 -w 600 -c 1200
+command[check_mysql]=/usr/lib/nagios/plugins/check_mysql -u {{ nrpe_mysql_user }} -p{{ nrpe_mysql_password }} -H {{ nrpe_mysql_host }} -d mysql
+command[check_mysql_longqueries]=/usr/lib/nagios/plugins/check_mysql_longqueries -u {{ nrpe_mysql_user }} -p{{ nrpe_mysql_password }} -H {{ nrpe_mysql_host }} -w 600 -c 1200
+{% endif %}

+{% if nrpe_postgresql is defined %}
 # postgresql
-command[check_pgsql_port]=/usr/lib/nagios/plugins/check_tcp -p 5432
-command[check_pgsql_connection]=/usr/lib/nagios/plugins/check_postgresql -H 127.0.0.1 -p 5432 --dbuser=nagios --dbpass=uDUTHt14FC3w4cE9vRk4XyZFD3KWlx --action=connection
-command[check_pgsql_backends]=/usr/lib/nagios/plugins/check_postgresql -H 127.0.0.1 -p 5432 --dbuser=nagios --dbpass=uDUTHt14FC3w4cE9vRk4XyZFD3KWlx --action=backends -w 175 -c 190
-
-# raid
-command[check_mdadm]=/usr/lib/nagios/plugins/check_mdadm
-command[check_3ware]=/usr/bin/sudo /usr/lib/nagios/plugins/check_3ware
-
-# services
-command[check_proc_docker]=/usr/lib/nagios/plugins/check_systemd_service docker
-command[check_proc_haproxy]=/usr/lib/nagios/plugins/check_systemd_service haproxy
-command[check_proc_nginx]=/usr/lib/nagios/plugins/check_systemd_service nginx
-command[check_proc_php5.6]=/usr/lib/nagios/plugins/check_systemd_service php5.6-fpm
-command[check_proc_php7.0]=/usr/lib/nagios/plugins/check_systemd_service php7.0-fpm
-command[check_proc_php7.1]=/usr/lib/nagios/plugins/check_systemd_service php7.1-fpm
-command[check_proc_php7.2]=/usr/lib/nagios/plugins/check_systemd_service php7.2-fpm
-command[check_proc_php7.3]=/usr/lib/nagios/plugins/check_systemd_service php7.3-fpm
-command[check_proc_php7.4]=/usr/lib/nagios/plugins/check_systemd_service php7.4-fpm
-command[check_proc_php8.0]=/usr/lib/nagios/plugins/check_systemd_service php8.0-fpm
-command[check_proc_php8.1]=/usr/lib/nagios/plugins/check_systemd_service php8.1-fpm
-command[check_proc_mysql]=/usr/lib/nagios/plugins/check_systemd_service mysql
+command[check_pgsql_port]=/usr/lib/nagios/plugins/check_tcp -p {{ nrpe_postgresql_port }}
 command[check_proc_postgresql]=/usr/lib/nagios/plugins/check_systemd_service postgresql
+command[check_pgsql_connection]=/usr/lib/nagios/plugins/check_postgresql -H {{ nrpe_postgresql_host }}  -p {{ nrpe_postgresql_port }} --dbuser={{ nrpe_postgresql_user }} --dbpass={{ nrpe_postgresql_password }} --action=connection
+command[check_pgsql_backends]=/usr/lib/nagios/plugins/check_postgresql -H {{ nrpe_postgresql_host }}  -p {{ nrpe_postgresql_port }} --dbuser={{ nrpe_postgresql_user }} --dbpass={{ nrpe_postgresql_password }} --action=backends -w {{ nrpe_postgresql_backend_warning }} -c {{ nrpe_postgresql_backend_critical }}
+{% endif %}
+
+{% if nrpe_mail is defined %}
+# mail
+command[check_smtp]=/usr/lib/nagios/plugins/check_tcp -p 25 -H {{ nrpe_smtp_host }}
+{% endif %}
+{% if nrpe_mail_service is defined %}
+{% if nrpe_mail_service == 'postfix' %}
+command[check_mailq]=/usr/bin/sudo /usr/lib/nagios/plugins/check_postfix_mailqueue -w {{ nrpe_mailq_warning }} -c {{ nrpe_mailq_critical }}
+{% elif nrpe_mail_service == 'exim' %}
+command[check_mailq]=/usr/bin/sudo /usr/lib/nagios/plugins/check_exim_mailqueue -w {{ nrpe_mailq_warning }} -c {{ nrpe_mailq_critical }}
+{% endif %}
+{% endif %}
+
+{% if nrpe_raid_soft is defined %}
+command[check_mdadm]=/usr/lib/nagios/plugins/check_mdadm
+{% endif %}
+{% if nrpe_raid_3ware is defined %}
+command[check_3ware]=/usr/bin/sudo /usr/lib/nagios/plugins/check_3ware
+{% endif %}
+{% if nrpe_raid is defined %}
+command[check_3ware]=/usr/bin/sudo /usr/lib/nagios/plugins/check_raid
+{% endif %}
+
+{% if nrpe_docker_container is defined %}
+{% for container in nrpe_docker_container %}
+command[check_docker_{{ container }}]=/usr/lib/nagios/plugins/check_docker --containers {{ container }}.* --status running --restarts 2:5 --present
+{% endfor %}
+{% endif %}
+
+{% if nrpe_process is defined %}
+{% for process in nrpe_process %}
+command[check_proc_{{ process }}]=/usr/lib/nagios/plugins/check_systemd_service {{ process }}
+{% endfor %}
+{% endif %}
+
--- a/templates/nrpe.sudoers.j2
+++ b/templates/nrpe.sudoers.j2
@ -1,2 +1,3 @@
-nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/check_postfix_mailqueue -w {{ nrpe_postfix_warning }} -c {{ nrpe_postfix_critical }}
-nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/check_exim_mailqueue -w {{ nrpe_exim_warning }} -c {{ nrpe_exim_critical }}
+nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/check_postfix_mailqueue -w {{ nrpe_mailq_warning }} -c {{ nrpe_mailq_critical }}
+nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/check_exim_mailqueue -w {{ nrpe_mailq_warning }} -c {{ nrpe_mailq_critical }}
+nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/check_raid