feat: Add SSL to nagios and NRPE

Signed-off-by: Julien Riou <julien@riou.xyz>
Julien Riou 2026-04-09 12:07:14 +02:00
commit 6efcdbf337
Signed by: jriou
GPG key ID: 9A099EDA51316854
4 changed files with 149 additions and 0 deletions

@ -343,6 +343,35 @@ mosquitto_passwords:
See [mosquitto_passwd](https://mosquitto.org/man/mosquitto_passwd-1.html)
command to generate the hash file.
## nagios_ssl_remote_ca_file
If a SSL certificate is managed by a third party tool (like certbot), define
the path to the CA file on the remote host. This file will be copied to
`/etc/nagios4/ca.crt`.
```yaml
nagios_ssl_remote_ca_file: /usr/local/share/ca-certificates/homelab.crt
```
## nagios_ssl_remote_cert_file
If a SSL certificate is managed by a third party tool (like certbot), define
the path to the cert file on the remote host. This file will be copied to
`/etc/nagios4/client.crt`.
```yaml
nagios_ssl_remote_cert_file: /etc/letsencrypt/live/pilote.fqdn/fullchain.pem
```
## nagios_ssl_remote_key_file
If a SSL certificate is managed by a third party tool (like certbot), define
the path to the key file on the remote host. This file will be copied to
`/etc/nagios4/client.key`.
```yaml
nagios_ssl_remote_key_file: /etc/letsencrypt/live/pilote.fqdn/privkey.pem
```
## nagios_commands
List of Nagios commands.
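Review bot: The `nagios_ssl_remote_key_file` section says the private key is copied to `/etc/nagios4/client.key` but does not state the owner and mode the copy ends up with. Please document them (readable only by the Nagios user) so readers can verify the role does not leave the key world-readable. Two related gaps in the same three sections: unlike the NRPE side, no enable toggle is documented here, so it is unclear whether defining any one of the variables turns SSL on or whether all three are required together; and since the source is described as managed by a tool like certbot, the text should say whether the copy is refreshed on each run after a renewal. Minor: "a SSL" should be "an SSL", and the `nagios_ssl_remote_ca_file` description reuses the certificate wording even though its example points at a local CA bundle rather than a certbot path.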
@ -559,6 +588,44 @@ Options for the NRPE daemon.
nrpe_opts: '-n' # Disable TLS
```
## nrpe_enable_ssl
True to enable SSL settings. Requires `nrpe_ssl_remote_cert_file` and
`nrpe_ssl_remote_key_file` to be defined.
```yaml
nrpe_enable_ssl: false
```
## nrpe_ssl_remote_ca_file
If a SSL certificate is managed by a third party tool (like certbot), define
the path to the CA file on the remote host. This file will be copied to
`/etc/nagios/ca.crt`.
```yaml
nrpe_ssl_remote_ca_file: /usr/local/share/ca-certificates/homelab.crt
```
## nrpe_ssl_remote_cert_file
If a SSL certificate is managed by a third party tool (like certbot), define
the path to the cert file on the remote host. This file will be copied to
`/etc/nagios/server.crt`.
```yaml
nrpe_ssl_remote_cert_file: /etc/letsencrypt/live/pilote.fqdn/fullchain.pem
```
## nrpe_ssl_remote_key_file
If a SSL certificate is managed by a third party tool (like certbot), define
the path to the key file on the remote host. This file will be copied to
`/etc/nagios/server.key`.
```yaml
nrpe_ssl_remote_key_file: /etc/letsencrypt/live/pilote.fqdn/privkey.pem
```
## openvpn_ca
Content of the certificate of the Certificate Authority (CA) used to certify
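Review bot: The `nrpe_enable_ssl` section does not say how it interacts with the `nrpe_opts: '-n' # Disable TLS` example shown in the context just above it. Please state which setting wins, or that `-n` must be removed from `nrpe_opts` when `nrpe_enable_ssl` is true, otherwise a host can end up with certificates deployed and TLS still disabled. The same section lists `nrpe_ssl_remote_cert_file` and `nrpe_ssl_remote_key_file` as required but is silent on `nrpe_ssl_remote_ca_file`; say explicitly whether it is optional and what is (or is not) verified when it is omitted. As on the Nagios side, document the owner and mode of the copied `/etc/nagios/server.key`.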