This commit is contained in:
Ludovic Cartier 2024-12-17 17:26:32 +01:00
parent 85029a0f01
commit c3ab4a86d7
5 changed files with 121 additions and 84 deletions

View File

@ -1,20 +1,26 @@
---
nrpe_allowed_hosts: '127.0.0.1,212.85.154.82,51.158.69.165'
nrpe_allowed_hosts: '127.0.0.1,51.158.69.165'
nrpe_load_warning: '`cat /proc/cpuinfo |grep -c processor`'
nrpe_load_critical: '`echo "$(($(cat /proc/cpuinfo |grep -c processor) * 2 ))"`'
nrpe_load_warning: "{{ ansible_processor_cores|int }}"
nrpe_load_critical: "{{ (ansible_processor_cores * 2)|int }}"
nrpe_memory_warning: 80
nrpe_memory_critical: 90
nrpe_swap_warning: 40
nrpe_swap_critical: 60
nrpe_swap_warning: 70
nrpe_swap_critical: 80
nrpe_exim_warning: 10
nrpe_exim_critical: 20
nrpe_mailq_warning: 10
nrpe_mailq_critical: 20
nrpe_postfix_warning: 10
nrpe_postfix_critical: 20
nrpe_smtp_host: localhost
nrpe_eth_warning: '12M'
nrpe_eth_critical: '15M'
nrpe_postgresql_host: locahost
nrpe_postgresql_port: 5432
nrpe_postgresql_user: nagios
nrpe_postgresql_password: changeme_
nrpe_postgresql_backend_warning: 75
nrpe_postgresql_backend_critical: 90

View File

@ -1,3 +1,46 @@
---
- name: "monitoring | install nrpe"
include: nrpe.yml
- name: nrpe | apt update cache
apt:
update_cache: yes
cache_valid_time: 86400 #One day
- name: nrpe | install nrpe packages
apt:
name: "{{ item }}"
update_cache: true
state: present
with_items:
- nagios-nrpe-server
- monitoring-plugins
- monitoring-plugins-basic
- monitoring-plugins-common
- monitoring-plugins-standard
- libmonitoring-plugin-perl
- name: nrpe | copy nrpe configuration
template:
src: "nrpe.j2"
dest: "/etc/nagios/nrpe.d/brainsys.cfg"
mode: "0644"
force: yes
backup: yes
notify:
- restart nagios-nrpe-server
- name: nrpe | copy nrpe plugins
copy:
src: nrpe/
dest: /usr/lib/nagios/plugins
mode: 0755
- name: nrpe | restart nagios-nrpe-server
systemd:
state: restarted
name: nagios-nrpe-server
- name: nrpe | allow nagios user to specific sudo
template:
src: nrpe.sudoers.j2
dest: /etc/sudoers.d/nrpe
validate: 'visudo -cf %s'
mode: 0440

View File

@ -1,42 +0,0 @@
---
- name: nrpe | apt update cache
apt:
update_cache: yes
cache_valid_time: 86400 #One day
- name: nrpe | install nrpe packages
apt:
name: "{{ item }}"
update_cache: true
state: present
with_items:
- nagios-nrpe-server
- libmonitoring-plugin-perl
- monitoring-plugins-standard
- libdbd-mysql-perl
- name: nrpe | copy nrpe configuration
template:
src: "nrpe.j2"
dest: "/etc/nagios/nrpe.d/brainsys.cfg"
mode: "0644"
force: yes
backup: yes
- name: nrpe | copy nrpe plugins
copy:
src: nrpe/
dest: /usr/lib/nagios/plugins
mode: 0755
- name: nrpe | restart nagios-nrpe-server
systemd:
state: restarted
name: nagios-nrpe-server
- name: nrpe | allow nagios user to specific sudo
template:
src: nrpe.sudoers.j2
dest: /etc/sudoers.d/nrpe
validate: 'visudo -cf %s'
mode: 0440

View File

@ -1,51 +1,80 @@
# Ansible managed - DO NOT EDIT MANUALLY !
allowed_hosts={{ nrpe_allowed_hosts }}
dont_blame_nrpe=1
# base
command[check_load]=/usr/lib/nagios/plugins/check_load -w {{ nrpe_load_warning }} -c {{ nrpe_load_critical }}
command[check_memory]=/usr/lib/nagios/plugins/check_memory -w {{ nrpe_memory_warning }} -c {{ nrpe_memory_critical }} -W {{ nrpe_swap_warning }} -C {{ nrpe_swap_critical }}
command[check_mailq]=/usr/bin/sudo /usr/lib/nagios/plugins/check_postfix_mailqueue -w {{ nrpe_postfix_warning }} -c {{ nrpe_postfix_critical }}
command[check_smtp]=/usr/lib/nagios/plugins/check_tcp -p 25
command[check_memory]=/usr/lib/nagios/plugins/check_memory -w {{ nrpe_memory_warning }} -c {{ nrpe_memory_critical }} -W {{ nrpe_swap_warning }} -C {{ nrpe_swap_critical }}
command[check_zombie_procs]=/usr/lib/nagios/plugins/check_procs -w 5 -c 10 -s Z
command[check_total_procs]=/usr/lib/nagios/plugins/check_procs -w 500 -c 800
command[check_process]=/usr/lib/nagios/plugins/check_process
command[check_dns]=/usr/lib/nagios/plugins/check_dns -H google.com
command[check_ssl]=/usr/lib/nagios/plugins/check_http --sni 'www.brainsys.io' -C 14,3
command[check_eth]=/usr/lib/nagios/plugins/check_eth -i {{ ansible_default_ipv4.interface }} -w {{ nrpe_eth_warning }} -c {{ nrpe_eth_critical }}
{% if nrpe_ssl_host is defined %}
command[check_ssl]=/usr/lib/nagios/plugins/check_http --sni '{{ nrpe_ssl_host }}' -C 14,3
{% endif %}
command[check_eth]=/usr/lib/nagios/plugins/check_eth -i {{ ansible_default_ipv4.interface }} -w 12M -c 15M
command[check_proc_fail2ban]=/usr/lib/nagios/plugins/check_procs -a fail2ban -w 1: -c 1:
command[check_proc_age]=/usr/lib/nagios/plugins/check_proc_age -p <proc> -w 400 -c 600
# disk
# -w space warning / -c space critical / -W inode warning / -K inode criticak / -C reset after
command[check_disk_advanced]=/usr/lib/nagios/plugins/check_disk_advanced -x /lib/init/rw -x /sys -x /dev/shm -X tmpfs -X nsfs -X proc -X sysfs -X devtmpfs -X overlay -X tracefs -w 10% -c 3% -W 10% -K 3% -H
command[check_disk]=/usr/lib/nagios/plugins/check_disk -x /lib/init/rw -x /dev -x /dev/shm -x /sys -x /proc -X tmpfs -w 10% -c 3% -W 10% -K 3% -A -I '^/dev/loop.*$' -I '^/run/docker/.*$' -X overlay -x /sys/kernel/debug/tracing
# -w space warning / -c space critical / -W inode warning / -K inode criticak / -C reset after
command[check_disk_advanced]=/usr/lib/nagios/plugins/check_disk_advanced -x /lib/init/rw -x /run -x /sys -x /dev/shm -X tmpfs -X nsfs -X overlay -X fuse -X proc -X sysfs -X devtmpfs -w 10% -c 3% -W 10% -K 3% -H
command[check_disk_root]=/usr/lib/nagios/plugins/check_disk -w 30% -W 30% -c 10% -K 10% -p /
command[check_rw_root]=/usr/lib/nagios/plugins/check_rofs /
{% if nrpe_disk is defined %}
{% for target in nrpe_disk %}
command[check_disk_data]=/usr/lib/nagios/plugins/check_disk -w 30% -W 30% -c 10% -K 10% -p /data
command[check_rw_data]=/usr/lib/nagios/plugins/check_rofs /data
{% endfor %}
{% endif %}
{% if nrpe_mysql is defined %}
# mysql
command[check_mysql]=/usr/lib/nagios/plugins/check_mysql -u nagios -pBu[VetFeifoipVithlok2odHabrAiltAjHavciUjRi -d mysql -H 127.0.0.1
command[check_mysql_longqueries]=/usr/lib/nagios/plugins/check_mysql_longqueries -u nagios -pBu[VetFeifoipVithlok2odHabrAiltAjHavciUjRi -H 127.0.0.1 -w 600 -c 1200
command[check_mysql]=/usr/lib/nagios/plugins/check_mysql -u {{ nrpe_mysql_user }} -p{{ nrpe_mysql_password }} -H {{ nrpe_mysql_host }} -d mysql
command[check_mysql_longqueries]=/usr/lib/nagios/plugins/check_mysql_longqueries -u {{ nrpe_mysql_user }} -p{{ nrpe_mysql_password }} -H {{ nrpe_mysql_host }} -w 600 -c 1200
{% endif %}
{% if nrpe_postgresql is defined %}
# postgresql
command[check_pgsql_port]=/usr/lib/nagios/plugins/check_tcp -p 5432
command[check_pgsql_connection]=/usr/lib/nagios/plugins/check_postgresql -H 127.0.0.1 -p 5432 --dbuser=nagios --dbpass=uDUTHt14FC3w4cE9vRk4XyZFD3KWlx --action=connection
command[check_pgsql_backends]=/usr/lib/nagios/plugins/check_postgresql -H 127.0.0.1 -p 5432 --dbuser=nagios --dbpass=uDUTHt14FC3w4cE9vRk4XyZFD3KWlx --action=backends -w 175 -c 190
# raid
command[check_mdadm]=/usr/lib/nagios/plugins/check_mdadm
command[check_3ware]=/usr/bin/sudo /usr/lib/nagios/plugins/check_3ware
# services
command[check_proc_docker]=/usr/lib/nagios/plugins/check_systemd_service docker
command[check_proc_haproxy]=/usr/lib/nagios/plugins/check_systemd_service haproxy
command[check_proc_nginx]=/usr/lib/nagios/plugins/check_systemd_service nginx
command[check_proc_php5.6]=/usr/lib/nagios/plugins/check_systemd_service php5.6-fpm
command[check_proc_php7.0]=/usr/lib/nagios/plugins/check_systemd_service php7.0-fpm
command[check_proc_php7.1]=/usr/lib/nagios/plugins/check_systemd_service php7.1-fpm
command[check_proc_php7.2]=/usr/lib/nagios/plugins/check_systemd_service php7.2-fpm
command[check_proc_php7.3]=/usr/lib/nagios/plugins/check_systemd_service php7.3-fpm
command[check_proc_php7.4]=/usr/lib/nagios/plugins/check_systemd_service php7.4-fpm
command[check_proc_php8.0]=/usr/lib/nagios/plugins/check_systemd_service php8.0-fpm
command[check_proc_php8.1]=/usr/lib/nagios/plugins/check_systemd_service php8.1-fpm
command[check_proc_mysql]=/usr/lib/nagios/plugins/check_systemd_service mysql
command[check_pgsql_port]=/usr/lib/nagios/plugins/check_tcp -p {{ nrpe_postgresql_port }}
command[check_proc_postgresql]=/usr/lib/nagios/plugins/check_systemd_service postgresql
command[check_pgsql_connection]=/usr/lib/nagios/plugins/check_postgresql -H {{ nrpe_postgresql_host }} -p {{ nrpe_postgresql_port }} --dbuser={{ nrpe_postgresql_user }} --dbpass={{ nrpe_postgresql_password }} --action=connection
command[check_pgsql_backends]=/usr/lib/nagios/plugins/check_postgresql -H {{ nrpe_postgresql_host }} -p {{ nrpe_postgresql_port }} --dbuser={{ nrpe_postgresql_user }} --dbpass={{ nrpe_postgresql_password }} --action=backends -w {{ nrpe_postgresql_backend_warning }} -c {{ nrpe_postgresql_backend_critical }}
{% endif %}
{% if nrpe_mail is defined %}
# mail
command[check_smtp]=/usr/lib/nagios/plugins/check_tcp -p 25 -H {{ nrpe_smtp_host }}
{% endif %}
{% if nrpe_mail_service is defined %}
{% if nrpe_mail_service == 'postfix' %}
command[check_mailq]=/usr/bin/sudo /usr/lib/nagios/plugins/check_postfix_mailqueue -w {{ nrpe_mailq_warning }} -c {{ nrpe_mailq_critical }}
{% elif nrpe_mail_service == 'exim' %}
command[check_mailq]=/usr/bin/sudo /usr/lib/nagios/plugins/check_exim_mailqueue -w {{ nrpe_mailq_warning }} -c {{ nrpe_mailq_critical }}
{% endif %}
{% endif %}
{% if nrpe_raid_soft is defined %}
command[check_mdadm]=/usr/lib/nagios/plugins/check_mdadm
{% endif %}
{% if nrpe_raid_3ware is defined %}
command[check_3ware]=/usr/bin/sudo /usr/lib/nagios/plugins/check_3ware
{% endif %}
{% if nrpe_raid is defined %}
command[check_3ware]=/usr/bin/sudo /usr/lib/nagios/plugins/check_raid
{% endif %}
{% if nrpe_docker_container is defined %}
{% for container in nrpe_docker_container %}
command[check_docker_{{ container }}]=/usr/lib/nagios/plugins/check_docker --containers {{ container }}.* --status running --restarts 2:5 --present
{% endfor %}
{% endif %}
{% if nrpe_process is defined %}
{% for process in nrpe_process %}
command[check_proc_{{ process }}]=/usr/lib/nagios/plugins/check_systemd_service {{ process }}
{% endfor %}
{% endif %}

View File

@ -1,2 +1,3 @@
nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/check_postfix_mailqueue -w {{ nrpe_postfix_warning }} -c {{ nrpe_postfix_critical }}
nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/check_exim_mailqueue -w {{ nrpe_exim_warning }} -c {{ nrpe_exim_critical }}
nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/check_postfix_mailqueue -w {{ nrpe_mailq_warning }} -c {{ nrpe_mailq_critical }}
nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/check_exim_mailqueue -w {{ nrpe_mailq_warning }} -c {{ nrpe_mailq_critical }}
nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/check_raid