ansible-pilote/tasks/nagios.yml

121 lines
2.8 KiB
YAML
Raw Normal View History

---
- name: Install nagios
ansible.builtin.package:
name:
- nagios4
- git
- nagios-nrpe-plugin
- python3-jinja2
- python3-requests
- python3-jsonschema
- python3-pexpect
- name: Generate nagios configurations
ansible.builtin.template:
src: "nagios/conf.d/{{ item }}.cfg.j2"
dest: "/etc/nagios4/conf.d/{{ item }}.cfg"
mode: "0644"
loop:
- commands
- hosts
- hostgroups
- services
- templates
- name: Copy nagios contacts configuration
ansible.builtin.template:
src: nagios/contacts.cfg.j2
dest: /etc/nagios4/objects/contacts.cfg
mode: "0644"
- name: Copy check_timesyncd
ansible.builtin.copy:
src: files/nagios/check_timesyncd
dest: /usr/lib/nagios/plugins/check_timesyncd
mode: '0755'
- name: Deploy sudoers rule for nagios
community.general.sudoers:
name: nagios
user: nagios
commands:
- /usr/lib/nagios/plugins/
- name: Clone notify-by-telegram source code
ansible.builtin.git:
repo: https://github.com/jouir/notify-by-telegram.git
dest: /opt/notify-by-telegram
- name: Configure notify-by-telegram
ansible.builtin.copy:
content: "{{ {'auth_key': nagios_telegram_auth_key, 'chat_id': nagios_telegram_chat_id} | to_json }}"
dest: /etc/nagios4/telegram.json
owner: root
group: nagios
mode: '0640'
- name: Clone nagios-plugin-bacula source code
ansible.builtin.git:
repo: https://github.com/twpayne/nagios-plugin-bacula.git
dest: /opt/nagios-plugin-bacula
- name: Copy global configuration
ansible.builtin.copy:
src: files/nagios/nagios.cfg
dest: /etc/nagios4/nagios.cfg
mode: "0644"
- name: Copy CGI configuration
ansible.builtin.copy:
src: files/nagios/cgi.cfg
dest: /etc/nagios4/cgi.cfg
mode: "0644"
- name: Reload nagios
ansible.builtin.service:
name: nagios4
state: reloaded
enabled: true
- name: Configure htaccess for the web interface
ansible.builtin.template:
src: nagios/htdigest.users.j2
dest: /etc/nagios4/htdigest.users
mode: "0644"
- name: Secure Apache
ansible.builtin.copy:
src: files/nagios/security.conf
dest: /etc/apache2/conf-available/security.conf
mode: "0644"
- name: Configure vhost for the web interface
ansible.builtin.copy:
src: files/nagios/apache2.conf
dest: /etc/nagios4/apache2.conf
mode: "0644"
- name: Enable Apache modules
ansible.builtin.command:
cmd: "a2enmod {{ item }}"
loop:
- auth_digest
- headers
- cgi
changed_when: true
- name: Restart apache
ansible.builtin.service:
name: apache2
state: restarted
enabled: true
- name: Allow HTTP from vpn
ansible.builtin.iptables:
chain: INPUT
protocol: tcp
source: "{{ openvpn_subnet }}"
destination_port: "80"
jump: ACCEPT
comment: allow http from vpn