Einige mützliche Ansible playbooks vorgestellt.
Mittels folgendem Ansible playbook lässt sich nrpe sowohl auf RHEL/CentOS wie auch auf Debian hosts installieren:
icinga-client.yaml
--- - hosts: monitored-servers tasks: # NRPE nad nagios-plugins - name: nrpe installation yum: pkg=nrpe state=latest yum: pkg=nagios-plugins-all state=latest when: ansible_os_family == "RedHat" - name: nrpe installation apt: pkg=nagios-nrpe-server state=latest apt: pkg=nagios-plugins state=latest when: ansible_os_family == "Debian" # local plugins directory - name: prepare local-plugins directory file: path=/usr/local/lib/nagios/plugins/ state=directory owner=root group=nrpe mode=0750 when: ansible_os_family == "RedHat" - name: prepare local-plugins directory file: path=/usr/local/lib/nagios/plugins/ state=directory owner=root group=nagios mode=0750 when: ansible_os_family == "Debian" # copy local plugins - name: copy local plugins copy: src=/etc/ansible/templates/linux/x86_64/usr/local/lib/nagios/plugins/ dest=/usr/local/lib/nagios/plugins/ owner=root group=nrpe mode=0750 notify: - restart nrpe when: ansible_os_family == "RedHat" - name: copy local plugins copy: src=/etc/ansible/templates/linux/x86_64/usr/local/lib/nagios/plugins/ dest=/usr/local/lib/nagios/plugins/ owner=root group=nagios mode=0750 notify: - restart nrpe when: ansible_os_family == "Debian" # Unify plugins directory (debian) - name: unify plugins directory debian replace: dest=/etc/nagios/nrpe.d/nagios-plugins.cfg regexp='/lib64/' replace='/lib/' notify: - restart nrpe when: ansible_os_family == "Debian" # Modify nrpe.cfg - name: change allowed hosts lineinfile: dest=/etc/nagios/nrpe.cfg regexp="allowed_hosts=" line="#allowed_hosts=127.0.0.1" notify: - restart nrpe - name: change dont_blame_nrpe lineinfile: dest=/etc/nagios/nrpe.cfg regexp="^dont_blame_nrpe=" line="dont_blame_nrpe=1" notify: - restart nrpe # copy nrpe-commands - name: copy nrpe-commands copy: src=/etc/ansible/templates/linux/x86_64/etc/nrpe.d/ dest=/etc/nrpe.d/ owner=root group=nrpe mode=0640 notify: - restart nrpe when: ansible_os_family == "RedHat" - name: copy nrpe-commands copy: src=/etc/ansible/templates/linux/x86_64/etc/nrpe.d/ dest=/etc/nagios/nrpe.d/ owner=root group=nagios mode=0640 notify: - restart nrpe when: ansible_os_family == "Debian" # startup - name: ensure nrpe is running and started automatically service: name=nrpe state=started enabled=yes when: ansible_os_family == "RedHat" - name: ensure nrpe is running and started automatically service: name=nagios-nrpe-server state=started enabled=yes when: ansible_os_family == "Debian" handlers: # restart - name: restart nrpe service: name=nrpe state=restarted when: ansible_os_family == "RedHat" - name: restart nrpe service: name=nagios-nrpe-server state=restarted when: ansible_os_family == "Debian" |
base-packages.yaml
--- - hosts: ebs-v-app02 tasks: - name: install the EPEL repo yum: name=http://mirror.switch.ch/ftp/mirror/epel/6/i386/epel-release-6-8.noarch.rpm - name: base packages yum installation yum: pkg={{item}} with_items: # Local repository - openssh-clients - man - wget - crontabs - mlocate - bind-utils - ntp - ftp - perl - telnet - lsof - sudo - smartmontools - tmux - unzip - samba-client - rsync - unzip - expat - yum-priorities - yum-security - vim - cifs-utils - nfs-utils - tcpdump # remote repositoories (like epel) - atop - htop - tmux when: ansible_os_family == "RedHat" # - name: Install nrpe # include: icinga-client.yaml # - name: Install bacula-fd # include: bacula-fd.yaml # set atop file retention to 20 days instead of 40 days - name: change atop file retention lineinfile: dest=/etc/logrotate.d/atop regexp="\-mtime \+40" line=" /usr/bin/find /var/log/atop/ -maxdepth 1 -mount -name atop_201\[0-9\]\[0-9\]\[0-9\]\[0-9\]\[0-9\]\* -mtime +20 -exec /bin/rm {} \;" # in ansible 1.6 use this: #replace: dest=/etc/logrotate.d/atop regexp='\-mtime \+40' replace='-mtime +20' tags: - atop-logrotate - name: copy confcat template: src=/etc/ansible/templates/linux/x86_64/usr/local/bin/confcat dest=/usr/local/bin/confcat owner=root group=root mode=0755 # enable/disable services - name: "disable iptables" service: name=iptables enabled=no state=stopped - name: "enable ntpd" service: name=ntpd enabled=yes state=started - name: upgrade all packages yum: name=* state=latest |
system-baseconfig.yaml
--- - hosts: ebs-v-app06 tasks: - name: "extend HISTSIZE variable" lineinfile: dest=/etc/profile regexp="^HISTSIZE=" line="HISTSIZE=100000" - name: "change directory colors" lineinfile: 'dest="/etc/DIR_COLORS" regexp="^DIR" line="DIR 01;33 # directory"' - name: "Disable selinux" lineinfile: dest=/etc/selinux/config regexp=^SELINUX= line=SELINUX=disabled - name: "configure NTP" template: src=/etc/ansible/templates/linux/x86_64/etc/ntp.conf dest=/etc/ntp.conf |