Ansible: Nützliche playbooks für den linux admin

Einige nützliche Ansible-Playbooks vorgestellt.

Mittels folgendem Ansible playbook lässt sich nrpe sowohl auf RHEL/CentOS wie auch auf Debian hosts installieren:

icinga-client.yaml

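---
# Installs NRPE and the Nagios plugin packages on every host in the
# "monitored-servers" group; package names differ per OS family.
- hosts: monitored-servers
  tasks:
    # NRPE and nagios-plugins
    # Both packages go into ONE module call per task. Writing the module key
    # twice ("yum:" / "yum:" or "apt:" / "apt:") is a duplicate YAML mapping
    # key: only one of the two entries survives parsing, so one package per
    # family was silently never installed.
  - name: nrpe installation
    yum:
      name:
        - nrpe
        - nagios-plugins-all
      state: latest
    when: ansible_os_family == "RedHat"
  - name: nrpe installation
    apt:
      name:
        - nagios-nrpe-server
        - nagios-plugins
      state: latest
    when: ansible_os_family == "Debian"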
 
    # local plugins directory
  # Creates /usr/local/lib/nagios/plugins/ owned by root with mode 0750, so
  # only root can write to it and only the named group can read or traverse it.
  # The group differs per family (nrpe on RedHat, nagios on Debian) -
  # presumably the group the NRPE daemon runs under; verify on the target.
  - name: prepare local-plugins directory
    file:
      path: /usr/local/lib/nagios/plugins/
      state: directory
      owner: root
      group: nrpe
      mode: "0750"
    when: ansible_os_family == "RedHat"
  - name: prepare local-plugins directory
    file:
      path: /usr/local/lib/nagios/plugins/
      state: directory
      owner: root
      group: nagios
      mode: "0750"
    when: ansible_os_family == "Debian"
 
    # copy local plugins
  # Pushes the locally maintained check plugins from the control machine to
  # the plugin directory. The source path ends in "/", so the directory's
  # contents are copied rather than the directory itself. Files end up
  # root-owned with mode 0750: executable by the group, writable only by root.
  # Only the group differs between the two OS families.
  - name: copy local plugins
    copy:
      src: /etc/ansible/templates/linux/x86_64/usr/local/lib/nagios/plugins/
      dest: /usr/local/lib/nagios/plugins/
      owner: root
      group: nrpe
      mode: "0750"
    when: ansible_os_family == "RedHat"
    notify:
      - restart nrpe
  - name: copy local plugins
    copy:
      src: /etc/ansible/templates/linux/x86_64/usr/local/lib/nagios/plugins/
      dest: /usr/local/lib/nagios/plugins/
      owner: root
      group: nagios
      mode: "0750"
    when: ansible_os_family == "Debian"
    notify:
      - restart nrpe
 
    # Unify plugins directory (debian)
  # Debian only: rewrites every "/lib64/" in the shipped command file to
  # "/lib/", so the same command definitions resolve on both families.
  - name: unify plugins directory debian
    replace:
      dest: /etc/nagios/nrpe.d/nagios-plugins.cfg
      regexp: '/lib64/'
      replace: '/lib/'
    when: ansible_os_family == "Debian"
    notify:
      - restart nrpe
 
 
    # Modify nrpe.cfg
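  # NOTE(review): the two settings below decide who may talk to NRPE and what
  # they may pass to it. The defaults keep the playbook's original behaviour;
  # both can now be tightened per inventory without editing the play.
  #
  # allowed_hosts: with the directive commented out, NRPE applies no
  # source-address allow-list of its own (confirm against the nrpe.cfg of the
  # installed version). Set nrpe_allowed_hosts to restrict it, e.g.
  #   -e "nrpe_allowed_hosts=127.0.0.1,<MONITORING_SERVER_IP>"
  - name: change allowed hosts
    lineinfile:
      dest: /etc/nagios/nrpe.cfg
      regexp: 'allowed_hosts='
      line: >-
        {{ ('allowed_hosts=' ~ nrpe_allowed_hosts)
        if nrpe_allowed_hosts is defined
        else '#allowed_hosts=127.0.0.1' }}
    notify:
      - restart nrpe
  # dont_blame_nrpe=1 lets the remote side supply arguments to the configured
  # commands. Together with an unrestricted allowed_hosts, any host that can
  # reach the NRPE port can feed input to those commands. Set
  # nrpe_dont_blame to 0 unless the command definitions really use $ARGn$.
  - name: change dont_blame_nrpe
    lineinfile:
      dest: /etc/nagios/nrpe.cfg
      regexp: '^dont_blame_nrpe='
      line: "dont_blame_nrpe={{ nrpe_dont_blame | default(1) }}"
    notify:
      - restart nrpe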
 
    # copy nrpe-commands
  # Distributes the files under .../etc/nrpe.d/ (presumably the NRPE command
  # definitions - verify) to the family-specific include directory:
  # /etc/nrpe.d/ on RedHat, /etc/nagios/nrpe.d/ on Debian. Mode 0640 with
  # owner root means the group can read the files but only root can change
  # them.
  - name: copy nrpe-commands
    copy:
      src: /etc/ansible/templates/linux/x86_64/etc/nrpe.d/
      dest: /etc/nrpe.d/
      owner: root
      group: nrpe
      mode: "0640"
    when: ansible_os_family == "RedHat"
    notify:
      - restart nrpe
  - name: copy nrpe-commands
    copy:
      src: /etc/ansible/templates/linux/x86_64/etc/nrpe.d/
      dest: /etc/nagios/nrpe.d/
      owner: root
      group: nagios
      mode: "0640"
    when: ansible_os_family == "Debian"
    notify:
      - restart nrpe
 
    # startup
  # Starts the NRPE service now and enables it at boot; the service is called
  # "nrpe" on RedHat and "nagios-nrpe-server" on Debian.
  - name: ensure nrpe is running and started automatically
    service:
      name: nrpe
      state: started
      enabled: true
    when: ansible_os_family == "RedHat"
  - name: ensure nrpe is running and started automatically
    service:
      name: nagios-nrpe-server
      state: started
      enabled: true
    when: ansible_os_family == "Debian"
 
 
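  handlers:
    # restart
    # Handler names have to be unique within a play. With two handlers both
    # called "restart nrpe", only one of them is ever notified (current Ansible
    # documents it as the last one loaded), and its "when" skips it on the
    # other OS family - so config changes there never restarted the daemon.
    # A single handler now selects the service name by OS family.
  - name: restart nrpe
    service:
      name: "{{ 'nrpe' if ansible_os_family == 'RedHat' else 'nagios-nrpe-server' }}"
      state: restarted
    when: ansible_os_family in ["RedHat", "Debian"]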

base-packages.yaml

---
# Base packages and service defaults for host "ebs-v-app02".
- hosts: ebs-v-app02
  tasks:
  # NOTE(review): the release RPM is fetched over plain HTTP. This package is
  # what puts the EPEL repo definition in place, so nothing on the network path
  # authenticates it. Prefer an HTTPS source or a local copy checked against a
  # known checksum. Whether yum verifies a GPG signature for a package given
  # by URL depends on its local-package settings - confirm on the target.
  - name: install the EPEL repo
    yum:
      name: 'http://mirror.switch.ch/ftp/mirror/epel/6/i386/epel-release-6-8.noarch.rpm'
 
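  # Installs the standard tool set on RedHat-family hosts, one yum call per
  # item. "unzip" and "tmux" were listed twice in the original list; the
  # repeated entries are dropped (no change in what gets installed).
  # NOTE(review): ftp and telnet are cleartext clients - keep them only if
  # they are actually needed for troubleshooting.
  - name: base packages yum installation
    yum:
      name: "{{ item }}"
    with_items:
      # Local repository
      - openssh-clients
      - man
      - wget
      - crontabs
      - mlocate
      - bind-utils
      - ntp
      - ftp
      - perl
      - telnet
      - lsof
      - sudo
      - smartmontools
      - tmux
      - unzip
      - samba-client
      - rsync
      - expat
      - yum-priorities
      - yum-security
      - vim
      - cifs-utils
      - nfs-utils
      - tcpdump
      # remote repositories (like epel)
      - atop
      - htop
    when: ansible_os_family == "RedHat"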
 
#  - name: Install nrpe
#    include: icinga-client.yaml
 
#  - name: Install bacula-fd
#    include: bacula-fd.yaml
 
  # set atop file retention to 20 days instead of 40 days
  # Rewrites the cleanup line in /etc/logrotate.d/atop: the line matching
  # "-mtime +40" is replaced by the find(1) command below, which deletes
  # matching files under /var/log/atop/ older than 20 days.
  # NOTE(review): the file-name pattern is hard-coded to "atop_201" followed
  # by five digits, so files whose names start with any other prefix (e.g. a
  # later decade, if the names carry a date - confirm) are never matched and
  # would not be cleaned up.
  # Tagged "atop-logrotate" so it can be run on its own.
  - name: change atop file retention
    lineinfile: dest=/etc/logrotate.d/atop regexp="\-mtime \+40" line="      /usr/bin/find /var/log/atop/ -maxdepth 1 -mount -name atop_201\[0-9\]\[0-9\]\[0-9\]\[0-9\]\[0-9\]\* -mtime +20 -exec /bin/rm {} \;"
    # in ansible 1.6 use this:
    #replace: dest=/etc/logrotate.d/atop regexp='\-mtime \+40' replace='-mtime +20'
    tags:
      - atop-logrotate
 
  # Renders the confcat template from the control machine to
  # /usr/local/bin/confcat, root-owned and executable by everyone (0755).
  - name: copy confcat
    template:
      src: /etc/ansible/templates/linux/x86_64/usr/local/bin/confcat
      dest: /usr/local/bin/confcat
      owner: root
      group: root
      mode: "0755"
 
  # enable/disable services
  # NOTE(review): this stops the host firewall and keeps it off at boot, so
  # every listening service is reachable from any network that can reach the
  # host. If filtering happens upstream, document that here; otherwise keep
  # iptables running and open only the ports that are needed.
  - name: "disable iptables"
    service:
      name: iptables
      state: stopped
      enabled: false

  # Time sync daemon: started now and enabled at boot.
  - name: "enable ntpd"
    service:
      name: ntpd
      state: started
      enabled: true
 
  # Brings every installed package to the newest version the enabled
  # repositories offer. The "*" is quoted so YAML does not read it as an alias.
  - name: upgrade all packages
    yum:
      name: '*'
      state: latest

system-baseconfig.yaml

---
# Shell, SELinux and NTP baseline for host "ebs-v-app06".
- hosts: ebs-v-app06
  tasks:
  # Larger shell history for all login shells.
  - name: "extend HISTSIZE variable"
    lineinfile:
      dest: /etc/profile
      regexp: '^HISTSIZE='
      line: 'HISTSIZE=100000'

  # Replaces the line starting with "DIR" in /etc/DIR_COLORS.
  - name: "change directory colors"
    lineinfile:
      dest: /etc/DIR_COLORS
      regexp: '^DIR'
      line: 'DIR 01;33       # directory'

  # NOTE(review): this writes SELINUX=disabled into /etc/selinux/config, which
  # removes SELinux enforcement and its denial logging on this host. If the
  # goal is troubleshooting, SELINUX=permissive keeps denials logged without
  # enforcing them.
  - name: "Disable selinux"
    lineinfile:
      dest: /etc/selinux/config
      regexp: '^SELINUX='
      line: 'SELINUX=disabled'

  # Renders the ntp.conf template from the control machine to /etc/ntp.conf.
  - name: "configure NTP"
    template:
      src: /etc/ansible/templates/linux/x86_64/etc/ntp.conf
      dest: /etc/ntp.conf

Published by

Steven Varco

Steven ist ein Redhat RHCE- und Kubernetes CKA Zertifizierter Linux-Crack und ist seit über 20 Jahren sowohl beruflich wie auch privat auf Linux spezialisiert. In seinem Keller steht ein Server Rack mit diversen ESX und Linux Servern.
