From 4d0b005181e2c5c1b9fc09f0693b590448420d1d Mon Sep 17 00:00:00 2001 
From: Salt Date: Sun, 15 Aug 2021 14:24:35 -0500 Subject: [PATCH] Add NRPE role, provision checks for it --- playbooks/nrpe.yml | 36 ++++++++++ playbooks/tasks/web/nagios-hosts.cfg.j2 | 25 +++++++ requirements.yml | 4 ++ roles/nrpe/.editorconfig | 46 +++++++++++++ roles/nrpe/.flake8 | 2 + roles/nrpe/.github/dependabot.yml | 8 +++ roles/nrpe/.github/settings.yml | 6 ++ roles/nrpe/.github/stale.yml | 2 + roles/nrpe/.github/workflows/ansible-ci.yml | 46 +++++++++++++ .../.github/workflows/ansible-release.yml | 21 ++++++ .../.github/workflows/codeql-analysis.yml | 59 ++++++++++++++++ roles/nrpe/.gitignore | 15 ++++ roles/nrpe/.yamllint.yml | 12 ++++ roles/nrpe/LICENSE | 21 ++++++ roles/nrpe/README.md | 51 ++++++++++++++ roles/nrpe/defaults/main.yml | 7 ++ roles/nrpe/handlers/main.yml | 5 ++ roles/nrpe/meta/.galaxy_install_info | 2 + roles/nrpe/meta/main.yml | 32 +++++++++ .../molecule/os-family-debian/INSTALL.rst | 22 ++++++ .../molecule/os-family-debian/converge.yml | 5 ++ .../molecule/os-family-debian/molecule.yml | 47 +++++++++++++ .../molecule/os-family-debian/prepare.yml | 27 ++++++++ .../os-family-debian/tests/conftest.py | 23 +++++++ .../os-family-debian/tests/test_default.py | 11 +++ .../molecule/os-family-redhat/INSTALL.rst | 22 ++++++ .../molecule/os-family-redhat/converge.yml | 5 ++ .../molecule/os-family-redhat/molecule.yml | 47 +++++++++++++ .../molecule/os-family-redhat/prepare.yml | 27 ++++++++ .../os-family-redhat/tests/conftest.py | 23 +++++++ .../os-family-redhat/tests/test_default.py | 11 +++ roles/nrpe/tasks/main.yml | 68 +++++++++++++++++++ roles/nrpe/templates/nrpe_local.cfg.j2 | 11 +++ roles/nrpe/tests/inventory | 1 + roles/nrpe/tests/test.yml | 5 ++ roles/nrpe/tox.ini | 20 ++++++ roles/nrpe/vars/debian.yml | 7 ++ roles/nrpe/vars/main.yml | 2 + roles/nrpe/vars/redhat.yml | 7 ++ site.yml | 1 + 40 files changed, 792 insertions(+) create mode 100755 playbooks/nrpe.yml create mode 100644 roles/nrpe/.editorconfig create mode 100644 roles/nrpe/.flake8 
create mode 100644 roles/nrpe/.github/dependabot.yml create mode 100644 roles/nrpe/.github/settings.yml create mode 100644 roles/nrpe/.github/stale.yml create mode 100644 roles/nrpe/.github/workflows/ansible-ci.yml create mode 100644 roles/nrpe/.github/workflows/ansible-release.yml create mode 100644 roles/nrpe/.github/workflows/codeql-analysis.yml create mode 100644 roles/nrpe/.gitignore create mode 100644 roles/nrpe/.yamllint.yml create mode 100644 roles/nrpe/LICENSE create mode 100644 roles/nrpe/README.md create mode 100644 roles/nrpe/defaults/main.yml create mode 100644 roles/nrpe/handlers/main.yml create mode 100644 roles/nrpe/meta/.galaxy_install_info create mode 100644 roles/nrpe/meta/main.yml create mode 100644 roles/nrpe/molecule/os-family-debian/INSTALL.rst create mode 100644 roles/nrpe/molecule/os-family-debian/converge.yml create mode 100644 roles/nrpe/molecule/os-family-debian/molecule.yml create mode 100644 roles/nrpe/molecule/os-family-debian/prepare.yml create mode 100644 roles/nrpe/molecule/os-family-debian/tests/conftest.py create mode 100644 roles/nrpe/molecule/os-family-debian/tests/test_default.py create mode 100644 roles/nrpe/molecule/os-family-redhat/INSTALL.rst create mode 100644 roles/nrpe/molecule/os-family-redhat/converge.yml create mode 100644 roles/nrpe/molecule/os-family-redhat/molecule.yml create mode 100644 roles/nrpe/molecule/os-family-redhat/prepare.yml create mode 100644 roles/nrpe/molecule/os-family-redhat/tests/conftest.py create mode 100644 roles/nrpe/molecule/os-family-redhat/tests/test_default.py create mode 100644 roles/nrpe/tasks/main.yml create mode 100644 roles/nrpe/templates/nrpe_local.cfg.j2 create mode 100644 roles/nrpe/tests/inventory create mode 100644 roles/nrpe/tests/test.yml create mode 100644 roles/nrpe/tox.ini create mode 100644 roles/nrpe/vars/debian.yml create mode 100644 roles/nrpe/vars/main.yml create mode 100644 roles/nrpe/vars/redhat.yml 
diff --git a/playbooks/nrpe.yml b/playbooks/nrpe.yml new file mode 100755 index 0000000..a92a6fb --- /dev/null +++ b/playbooks/nrpe.yml @@ -0,0 +1,36 @@ +#!/usr/bin/env ansible-playbook +# vim:ft=ansible: +--- +- hosts: tags_nagios-nrpe + roles: + - role: nrpe + vars: + nrpe_server_bind_address: 0.0.0.0 + nrpe_server_allowed_hosts: + - 172.23.0.0/16 # Entire Zerotier management network + - 45.79.24.6/32 # web3.desu.ltd + nrpe_plugin_packages: + - monitoring-plugins + - nagios-plugins-contrib + nrpe_command: + check_disk_all: + script: check_disk + option: -M -u GB -A -X tmpfs -X overlay -X shm -w 80% -c 90% -W 80% -K 90% -I '^/run/' + check_load: + script: check_load + option: -r -w 0.8,0.7,0.7 -c 1.0,0.9,0.9 + check_swap: + script: check_swap + option: -n ok -w 70% -c 80% + check_users: + script: check_users + option: -w 3 -c 10 + tags: [ nrpe ] +- hosts: all + tasks: + - name: disable nrped when not tagged + systemd: name={{ item }} state=stopped enabled=no + with_items: + - nagios-nrpe-server.service + when: "'tags_nagios-nrpe' not in group_names and item in services" + tags: [ zerotier ] diff --git a/playbooks/tasks/web/nagios-hosts.cfg.j2 b/playbooks/tasks/web/nagios-hosts.cfg.j2 index b575b93..6afc3a7 100644 --- a/playbooks/tasks/web/nagios-hosts.cfg.j2 +++ b/playbooks/tasks/web/nagios-hosts.cfg.j2 @@ -55,6 +55,11 @@ define command { command_name check_snmp_storage_v3 command_line /opt/Custom-Nagios-Plugins/check_snmp_storage.pl -H $HOSTADDRESS$ -l {{ secret_snmp_rouser_username }} -x {{ secret_snmp_rouser_password }} -X {{ secret_snmp_rouser_privacy_passphrase }} -L sha,aes -t 20 -m $ARG1$ -w $ARG2$ -c $ARG3$ } +define command { + # This command is included in the container image + command_name check_nrpe + command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$ +} # Services for all hosts define service { 
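Review bot: The cleanup play at the end of playbooks/nrpe.yml is tagged `tags: [ zerotier ]`, so a run limited to `--tags nrpe` configures the tagged hosts but never stops `nagios-nrpe-server.service` on hosts that have left the `tags_nagios-nrpe` group; `tags: [ nrpe ]` looks like what was meant. Its `when:` also tests `item in services`, and nothing in this file gathers service facts, so unless an earlier playbook in the same run did, that variable is undefined when the file is executed on its own through its shebang; a `service_facts:` task ahead of it would make the play self-contained. Separately, `nrpe_server_bind_address: 0.0.0.0` is not read by the role's `nrpe_local.cfg.j2` added later in this patch, which renders only `allowed_hosts` and `command[...]` lines. The listening address therefore stays whatever the packaged nrpe.cfg sets, and the source-address list in `nrpe_server_allowed_hosts` is the only restriction this commit actually applies.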
@@ -84,6 +89,26 @@ define service { hostgroup_name snmp } +# Services for NRPE-capable hosts +define service { + use ansible-generic-service + service_description NRPE Check Disk + check_command check_nrpe!check_disk_all + hostgroup_name nagios-nrpe +} +define service { + use ansible-generic-service + service_description NRPE Check Users + check_command check_nrpe!check_users + hostgroup_name nagios-nrpe +} +define service { + use ansible-generic-service + service_description NRPE Check Load + check_command check_nrpe!check_load + hostgroup_name nagios-nrpe +} + # Hostgroups # Everything here is dynamically-generated based on tags from Netbox {% for tag in query('netbox.netbox.nb_lookup', 'tags', api_endpoint='https://netbox.desu.ltd', token=netbox_token) %} diff --git a/requirements.yml b/requirements.yml index 599caaf..8e353aa 100644 --- a/requirements.yml +++ b/requirements.yml @@ -57,3 +57,7 @@ roles: - name: snmpd src: oefenweb.snmpd version: master + # Upstream: https://github.com/hspaans/ansible-role-nrpe + - name: nrpe + src: hspaans.nrpe + version: master diff --git a/roles/nrpe/.editorconfig b/roles/nrpe/.editorconfig new file mode 100644 index 0000000..8c8d0d4 --- /dev/null +++ b/roles/nrpe/.editorconfig 
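Review bot: The new NRPE service block covers `check_disk_all`, `check_users` and `check_load`, but playbooks/nrpe.yml in this same patch also provisions `check_swap` on the agents and no service polls it, so swap exhaustion would go unreported. A fourth definition with `service_description NRPE Check Swap` and `check_command check_nrpe!check_swap` on `hostgroup_name nagios-nrpe` would close the gap. The template continues outside the hunk, so an existing swap check elsewhere in it cannot be ruled out from here.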
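Review bot: The new `nrpe` entry in requirements.yml installs `hspaans.nrpe` at `version: master`, so each `ansible-galaxy install` can pull different upstream code into a role that runs package and service tasks on the managed hosts; pin it to a reviewed release tag or commit, e.g. `version: <tag-or-commit-sha>` (placeholder, the page names no release). The copy committed under roles/nrpe/ records `version: master` in `meta/.galaxy_install_info` as well, so the vendored tree cannot be traced to a specific upstream revision either. That copy also carries upstream's CI files, including a `tox.ini` whose deps list names `anisble`, which appears to be a misspelling of `ansible` and should not be installed as written. The neighbouring `snmpd` entry in the context lines tracks `master` too.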
@@ -0,0 +1,46 @@
+# https://editorconfig.org/
+
+root = true
+
+[*]
+indent_style = space
+indent_size = 4
+trim_trailing_whitespace = true
+end_of_line = lf
+charset = utf-8
+
+# Docstrings and comments use max_line_length = 79
+[*.py]
+insert_final_newline = true
+max_line_length = 119
+
+# Use 2 spaces for the HTML files
+[*.html]
+indent_size = 2
+
+# Use 2 spaces for the Markdown files
+[*.md]
+indent_size = 2
+insert_final_newline = true
+
+# The JSON files contain newlines inconsistently
+[*.json]
+indent_size = 2
+
+# Makefiles always use tabs for indentation
+[Makefile]
+indent_style = tab
+insert_final_newline = true
+
+# Batch files use tabs for indentation
+[*.bat]
+indent_style = tab
+insert_final_newline = true
+
+[docs/**.txt]
+insert_final_newline = true
+max_line_length = 79
+
+[*.yml]
+indent_size = 2
+insert_final_newline = true
\ No newline at end of file
diff --git a/roles/nrpe/.flake8 b/roles/nrpe/.flake8
new file mode 100644
index 0000000..6deafc2
--- /dev/null
+++ b/roles/nrpe/.flake8
@@ -0,0 +1,2 @@
+[flake8]
+max-line-length = 120
diff --git a/roles/nrpe/.github/dependabot.yml b/roles/nrpe/.github/dependabot.yml
new file mode 100644
index 0000000..da47f20
--- /dev/null
+++ b/roles/nrpe/.github/dependabot.yml
@@ -0,0 +1,8 @@
+---
+version: 2
+updates:
+ - package-ecosystem: github-actions
+ directory: /
+ schedule:
+ interval: monthly
+ open-pull-requests-limit: 10
diff --git a/roles/nrpe/.github/settings.yml b/roles/nrpe/.github/settings.yml
new file mode 100644
index 0000000..f68e4bc
--- /dev/null
+++ b/roles/nrpe/.github/settings.yml
@@ -0,0 +1,6 @@
+---
+repository:
+ description: Ansible Role for Nagios Remote Plugin Executor
+ topics: ansible, ansible-role, nagios, nrpe, agent, monitoring
+ delete_branch_on_merge: true
+ has_wiki: false
diff --git a/roles/nrpe/.github/stale.yml b/roles/nrpe/.github/stale.yml
new file mode 100644
index 0000000..7dd2d28
--- /dev/null
+++ b/roles/nrpe/.github/stale.yml
@@ -0,0 +1,2 @@
+---
+_extends: .github:.github/stale.yml
diff --git a/roles/nrpe/.github/workflows/ansible-ci.yml b/roles/nrpe/.github/workflows/ansible-ci.yml
new file mode 100644
index 0000000..5577146
--- /dev/null
+++ b/roles/nrpe/.github/workflows/ansible-ci.yml
@@ -0,0 +1,46 @@
+---
+name: CI
+
+on:
+ pull_request:
+ schedule:
+ - cron: '30 5 15 * *'
+
+jobs:
+
+ lint:
+ name: Lint Code Base
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@v2.3.4
+
+ - name: Lint Code Base
+ uses: github/super-linter@v4.6.0
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ molecule:
+ needs: lint
+ name: Molecule
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Check out the codebase
+ uses: actions/checkout@v2.3.4
+
+ - name: Set up Python 3
+ uses: actions/setup-python@v2.2.2
+ with:
+ python-version: "3.x"
+
+ - name: Install Tox
+ run: |
+ pip3 install tox
+
+ - name: Run Molecule tests
+ run: tox
+ env:
+ PY_COLORS: "1"
+ ANSIBLE_FORCE_COLOR: "1"
diff --git a/roles/nrpe/.github/workflows/ansible-release.yml b/roles/nrpe/.github/workflows/ansible-release.yml
new file mode 100644
index 0000000..8e4f30d
--- /dev/null
+++ b/roles/nrpe/.github/workflows/ansible-release.yml
@@ -0,0 +1,21 @@
+---
+name: Release to Ansible Galaxy
+
+on:
+ push:
+ tags:
+ - v*
+ branches:
+ - master
+
+jobs:
+ release:
+ name: Release to Ansible Galaxy
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ - name: Release Ansible Role to Galaxy
+ uses: hspaans/ansible-galaxy-action@v0.3.3
+ with:
+ api_key: ${{ secrets.galaxy_api_key }}
diff --git a/roles/nrpe/.github/workflows/codeql-analysis.yml b/roles/nrpe/.github/workflows/codeql-analysis.yml
new file mode 100644
index 0000000..ca0d5c4
--- /dev/null
+++ b/roles/nrpe/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,59 @@ +--- +name: "CodeQL" + +on: + pull_request: + branches: + - master + schedule: + - cron: "35 22 * * 4" + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + matrix: + language: ["python"] + # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ] + # Learn more: + # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed + + steps: + - name: Checkout repository + uses: actions/checkout@v2 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v1 + with: + languages: ${{ matrix.language }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + # queries: ./path/to/local/query, your-org/your-repo/queries@main + + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). + # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@v1 + + # ℹī¸ Command-line programs to run using the OS shell. + # 📚 https://git.io/JvXDl + + # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines + # and modify them (or add more) to build your code if your project + # uses a compiled language + + #- run: | + # make bootstrap + # make release + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v1 diff --git a/roles/nrpe/.gitignore b/roles/nrpe/.gitignore new file mode 100644 index 0000000..d8de824 --- /dev/null +++ b/roles/nrpe/.gitignore 
@@ -0,0 +1,15 @@
+## Ansible
+*.retry
+.ansible_cache
+
+## Molecule
+.cache
+.molecule
+.tox
+.vagrant
+
+## Python
+.pytest_cache/
+__pycache__/
+*.py[cod]
+*$py.class
diff --git a/roles/nrpe/.yamllint.yml b/roles/nrpe/.yamllint.yml
new file mode 100644
index 0000000..c5ae64b
--- /dev/null
+++ b/roles/nrpe/.yamllint.yml
@@ -0,0 +1,12 @@
+---
+extends: default
+
+rules:
+ braces:
+ max-spaces-inside: 1
+ level: error
+ brackets:
+ max-spaces-inside: 1
+ level: error
+ line-length: disable
+ truthy: disable
diff --git a/roles/nrpe/LICENSE b/roles/nrpe/LICENSE
new file mode 100644
index 0000000..b067d20
--- /dev/null
+++ b/roles/nrpe/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2020 Hans Spaans
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/roles/nrpe/README.md b/roles/nrpe/README.md
new file mode 100644
index 0000000..6b31c8a
--- /dev/null
+++ b/roles/nrpe/README.md
@@ -0,0 +1,51 @@
+# Role Name
+
+Install and configure NRPE
+
+## Requirements
+
+None as the nrpe package is being installed.
+
+## Role Variables
+
+Default variables are set in `defaults/main.yml`.
+
+## Dependencies
+
+No dependency on other Ansible Galaxy roles.
+
+## Example Playbook
+
+```yaml
+---
+- hosts: servers
+ vars:
+ nrpe_server_allowed_hosts:
+ - 10.0.10.0/24
+ - 10.0.11.2
+ - 127.0.0.1
+ nrpe_plugin_packages:
+ - nagios-plugins-disk
+ - nagios-plugins-nagios
+ - nagios-plugins-users
+ nrpe_command:
+ check_disk_all:
+ script: check_disk
+ option: -w 80 -c 90
+ check_users:
+ script: check_users2
+ option: -w 1 -c 1
+ check_nagios:
+ script: check_nagios
+ option: -F /var/log/nagios/nagios.log -e 15 -C nagios
+ roles:
+ - { role: hspaans.nrpe, become: true }
+```
+
+## License
+
+MIT
+
+## Author Information
+
+This role was created in 2020 by [Hans Spaans](https://github.com/hspaans).
diff --git a/roles/nrpe/defaults/main.yml b/roles/nrpe/defaults/main.yml
new file mode 100644
index 0000000..eb4e055
--- /dev/null
+++ b/roles/nrpe/defaults/main.yml
@@ -0,0 +1,7 @@
+---
+nrpe_server_bind_address: 127.0.0.1
+nrpe_server_port: 5666
+nrpe_server_allowed_hosts:
+ - 127.0.0.1
+nrpe_server_dont_blame_nrpe: 0
+nrpe_package: ""
diff --git a/roles/nrpe/handlers/main.yml b/roles/nrpe/handlers/main.yml
new file mode 100644
index 0000000..bc99765
--- /dev/null
+++ b/roles/nrpe/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: restart nrpe service
+ service:
+ name: "{{ nrpe_service }}"
+ state: restarted
diff --git a/roles/nrpe/meta/.galaxy_install_info b/roles/nrpe/meta/.galaxy_install_info
new file mode 100644
index 0000000..af8628a
--- /dev/null
+++ b/roles/nrpe/meta/.galaxy_install_info
@@ -0,0 +1,2 @@
+install_date: 'Sun 15 Aug 2021 06:14:47 PM '
+version: master
diff --git a/roles/nrpe/meta/main.yml b/roles/nrpe/meta/main.yml
new file mode 100644
index 0000000..a91c94a
--- /dev/null
+++ b/roles/nrpe/meta/main.yml
@@ -0,0 +1,32 @@
+---
+galaxy_info:
+ role_name: nrpe
+ author: hspaans
+ description: Ansible Role for NRPE
+
+ license: MIT
+
+ min_ansible_version: 2.9
+
+ platforms:
+ - name: EL
+ versions:
+ - 7
+ - 8
+ - name: Debian
+ versions:
+ - buster
+ - bullseye
+ - name: Fedora
+ versions:
+ - 33
+ - 34
+ - name: Ubuntu
+ versions:
+ - bionic
+ - focal
+
+ galaxy_tags:
+ - monitoring
+
+dependencies: []
diff --git a/roles/nrpe/molecule/os-family-debian/INSTALL.rst b/roles/nrpe/molecule/os-family-debian/INSTALL.rst
new file mode 100644
index 0000000..6a44bde
--- /dev/null
+++ b/roles/nrpe/molecule/os-family-debian/INSTALL.rst
@@ -0,0 +1,22 @@
+*******
+Docker driver installation guide
+*******
+
+Requirements
+============
+
+* Docker Engine
+
+Install
+=======
+
+Please refer to the `Virtual environment`_ documentation for installation best
+practices. If not using a virtual environment, please consider passing the
+widely recommended `'--user' flag`_ when invoking ``pip``.
+
+.. _Virtual environment: https://virtualenv.pypa.io/en/latest/
+.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site
+
+.. code-block:: bash
+
+ $ pip install 'molecule[docker]'
diff --git a/roles/nrpe/molecule/os-family-debian/converge.yml b/roles/nrpe/molecule/os-family-debian/converge.yml
new file mode 100644
index 0000000..e0dfcb4
--- /dev/null
+++ b/roles/nrpe/molecule/os-family-debian/converge.yml
@@ -0,0 +1,5 @@
+---
+- name: Converge
+ hosts: all
+ roles:
+ - role: hspaans.nrpe
diff --git a/roles/nrpe/molecule/os-family-debian/molecule.yml b/roles/nrpe/molecule/os-family-debian/molecule.yml
new file mode 100644
index 0000000..2f6792c
--- /dev/null
+++ b/roles/nrpe/molecule/os-family-debian/molecule.yml
@@ -0,0 +1,47 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: docker
+lint: |
+ set -e
+ yamllint `git ls-files '*.yaml' '*.yml'`
+ ansible-lint
+ # flake8
+platforms:
+ - name: debian-10
+ image: "ghcr.io/hspaans/molecule-container-debian:10"
+ command: ""
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ privileged: true
+ pre_build_image: true
+ - name: debian-11
+ image: "ghcr.io/hspaans/molecule-container-debian:11"
+ command: ""
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ privileged: true
+ pre_build_image: true
+ - name: ubuntu-18.04
+ image: "ghcr.io/hspaans/molecule-container-ubuntu:18.04"
+ command: ""
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ privileged: true
+ pre_build_image: true
+ - name: ubuntu-20.04
+ image: "ghcr.io/hspaans/molecule-container-ubuntu:20.04"
+ command: ""
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ privileged: true
+ pre_build_image: true
+provisioner:
+ name: ansible
+ inventory:
+ group_vars:
+ all:
+ nrpe_plugin_packages: []
+verifier:
+ name: testinfra
diff --git a/roles/nrpe/molecule/os-family-debian/prepare.yml b/roles/nrpe/molecule/os-family-debian/prepare.yml
new file mode 100644
index 0000000..08b3225
--- /dev/null
+++ b/roles/nrpe/molecule/os-family-debian/prepare.yml
@@ -0,0 +1,27 @@
+---
+- name: Prepare
+ hosts: all
+
+ pre_tasks:
+ - name: Update apt cache (on Debian).
+ apt:
+ update_cache: true
+ cache_valid_time: 3600
+ when: ansible_os_family == 'Debian'
+
+ - name: Remove packages
+ package:
+ name: apt-utils
+ state: present
+ when: ansible_os_family == 'Debian'
+
+ - name: Update yum cache (on Redhat).
+ yum:
+ update_cache: true
+ when: ansible_os_family == 'RedHat'
+
+ tasks:
+ - name: Remove packages
+ package:
+ name: git
+ state: absent
diff --git a/roles/nrpe/molecule/os-family-debian/tests/conftest.py b/roles/nrpe/molecule/os-family-debian/tests/conftest.py
new file mode 100644
index 0000000..ecbd854
--- /dev/null
+++ b/roles/nrpe/molecule/os-family-debian/tests/conftest.py
@@ -0,0 +1,23 @@
+"""PyTest Fixtures."""
+from __future__ import absolute_import
+
+import os
+
+import pytest
+
+
+def pytest_runtest_setup():
+ """Run tests only when under molecule with testinfra installed."""
+ try:
+ # pylint: disable = import-outside-toplevel
+ import testinfra
+ except ImportError:
+ pytest.skip("Test requires testinfra", allow_module_level=True)
+ if "MOLECULE_INVENTORY_FILE" in os.environ:
+ pytest.testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+ os.environ["MOLECULE_INVENTORY_FILE"]
+ ).get_hosts("all")
+ else:
+ pytest.skip(
+ "Test should run only from inside molecule.", allow_module_level=True
+ )
diff --git a/roles/nrpe/molecule/os-family-debian/tests/test_default.py b/roles/nrpe/molecule/os-family-debian/tests/test_default.py
new file mode 100644
index 0000000..6171e73
--- /dev/null
+++ b/roles/nrpe/molecule/os-family-debian/tests/test_default.py
@@ -0,0 +1,11 @@
+"""Role testing files using testinfra."""
+
+import pytest
+
+
+@pytest.mark.parametrize("pkg", ["nagios-nrpe-server"])
+def test_pkg_installed(host, pkg):
+ """Test if package installed."""
+ package = host.package(pkg)
+
+ assert package.is_installed
diff --git a/roles/nrpe/molecule/os-family-redhat/INSTALL.rst b/roles/nrpe/molecule/os-family-redhat/INSTALL.rst
new file mode 100644
index 0000000..6a44bde
--- /dev/null
+++ b/roles/nrpe/molecule/os-family-redhat/INSTALL.rst
@@ -0,0 +1,22 @@
+*******
+Docker driver installation guide
+*******
+
+Requirements
+============
+
+* Docker Engine
+
+Install
+=======
+
+Please refer to the `Virtual environment`_ documentation for installation best
+practices. If not using a virtual environment, please consider passing the
+widely recommended `'--user' flag`_ when invoking ``pip``.
+
+.. _Virtual environment: https://virtualenv.pypa.io/en/latest/
+.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site
+
+.. code-block:: bash
+
+ $ pip install 'molecule[docker]'
diff --git a/roles/nrpe/molecule/os-family-redhat/converge.yml b/roles/nrpe/molecule/os-family-redhat/converge.yml
new file mode 100644
index 0000000..e0dfcb4
--- /dev/null
+++ b/roles/nrpe/molecule/os-family-redhat/converge.yml
@@ -0,0 +1,5 @@
+---
+- name: Converge
+ hosts: all
+ roles:
+ - role: hspaans.nrpe
diff --git a/roles/nrpe/molecule/os-family-redhat/molecule.yml b/roles/nrpe/molecule/os-family-redhat/molecule.yml
new file mode 100644
index 0000000..519ea91
--- /dev/null
+++ b/roles/nrpe/molecule/os-family-redhat/molecule.yml
@@ -0,0 +1,47 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: docker
+lint: |
+ set -e
+ yamllint `git ls-files '*.yaml' '*.yml'`
+ ansible-lint
+ # flake8
+platforms:
+ - name: centos-7
+ image: "ghcr.io/hspaans/molecule-container-centos:7"
+ command: ""
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ privileged: true
+ pre_build_image: true
+ - name: centos-8
+ image: "ghcr.io/hspaans/molecule-container-centos:8"
+ command: ""
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ privileged: true
+ pre_build_image: true
+ - name: fedora-33
+ image: "ghcr.io/hspaans/molecule-container-fedora:33"
+ command: ""
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ privileged: true
+ pre_build_image: true
+ - name: fedora-34
+ image: "ghcr.io/hspaans/molecule-container-fedora:34"
+ command: ""
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ privileged: true
+ pre_build_image: true
+provisioner:
+ name: ansible
+ inventory:
+ group_vars:
+ all:
+ nrpe_plugin_packages: []
+verifier:
+ name: testinfra
diff --git a/roles/nrpe/molecule/os-family-redhat/prepare.yml b/roles/nrpe/molecule/os-family-redhat/prepare.yml
new file mode 100644
index 0000000..08b3225
--- /dev/null
+++ b/roles/nrpe/molecule/os-family-redhat/prepare.yml
@@ -0,0 +1,27 @@
+---
+- name: Prepare
+ hosts: all
+
+ pre_tasks:
+ - name: Update apt cache (on Debian).
+ apt:
+ update_cache: true
+ cache_valid_time: 3600
+ when: ansible_os_family == 'Debian'
+
+ - name: Remove packages
+ package:
+ name: apt-utils
+ state: present
+ when: ansible_os_family == 'Debian'
+
+ - name: Update yum cache (on Redhat).
+ yum:
+ update_cache: true
+ when: ansible_os_family == 'RedHat'
+
+ tasks:
+ - name: Remove packages
+ package:
+ name: git
+ state: absent
diff --git a/roles/nrpe/molecule/os-family-redhat/tests/conftest.py b/roles/nrpe/molecule/os-family-redhat/tests/conftest.py
new file mode 100644
index 0000000..ecbd854
--- /dev/null
+++ b/roles/nrpe/molecule/os-family-redhat/tests/conftest.py
@@ -0,0 +1,23 @@
+"""PyTest Fixtures."""
+from __future__ import absolute_import
+
+import os
+
+import pytest
+
+
+def pytest_runtest_setup():
+ """Run tests only when under molecule with testinfra installed."""
+ try:
+ # pylint: disable = import-outside-toplevel
+ import testinfra
+ except ImportError:
+ pytest.skip("Test requires testinfra", allow_module_level=True)
+ if "MOLECULE_INVENTORY_FILE" in os.environ:
+ pytest.testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+ os.environ["MOLECULE_INVENTORY_FILE"]
+ ).get_hosts("all")
+ else:
+ pytest.skip(
+ "Test should run only from inside molecule.", allow_module_level=True
+ )
diff --git a/roles/nrpe/molecule/os-family-redhat/tests/test_default.py b/roles/nrpe/molecule/os-family-redhat/tests/test_default.py
new file mode 100644
index 0000000..39b5115
--- /dev/null
+++ b/roles/nrpe/molecule/os-family-redhat/tests/test_default.py
@@ -0,0 +1,11 @@
+"""Role testing files using testinfra."""
+
+import pytest
+
+
+@pytest.mark.parametrize("pkg", ["nrpe"])
+def test_pkg_installed(host, pkg):
+ """Test if package installed."""
+ package = host.package(pkg)
+
+ assert package.is_installed
diff --git a/roles/nrpe/tasks/main.yml b/roles/nrpe/tasks/main.yml
new file mode 100644
index 0000000..53a0d2f
--- /dev/null
+++ b/roles/nrpe/tasks/main.yml
@@ -0,0 +1,68 @@
+---
+- name: Gather OS specific variables for nrpe
+ include_vars: "{{ item }}"
+ with_first_found:
+ - "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version }}.yml"
+ - "{{ ansible_distribution|lower }}.yml"
+ - "{{ ansible_os_family|lower }}.yml"
+ - "main.yml"
+
+- name: Enable CentOS-PowerTools repository
+ block:
+
+ - name: Enable CentOS-PowerTools repository
+ yum_repository:
+ name: PowerTools
+ file: CentOS-PowerTools
+ description: CentOS-$releasever - PowerTool
+ mirrorlist: http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=PowerTools&infra=$infra
+ enabled: yes
+ gpgcheck: 1
+ gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
+
+ when: (ansible_facts['distribution'] == 'CentOS' and ansible_facts['distribution_major_version'] == "8")
+
+- name: Enable CentOS-EPEL repository
+ block:
+
+ - name: Enable CentOS-EPEL repository
+ package:
+ name: epel-release
+ state: present
+
+ - name: Update yum cache (on Redhat).
+ yum:
+ update_cache: true
+
+ when: (ansible_facts['distribution'] == 'CentOS')
+
+- name: Install NRPE service
+ package:
+ name: "{{ nrpe_package }}"
+ state: present
+ tags:
+ - packages
+
+- name: Install NRPE plugins
+ package:
+ name: "{{ nrpe_plugin_packages }}"
+ state: present
+ tags:
+ - packages
+
+- name: Create nrpe.cfg from template
+ template:
+ src: "nrpe_local.cfg.j2"
+ dest: "{{ nrpe_server_dir }}/nrpe_local.cfg"
+ owner: root
+ group: root
+ mode: "0644"
+ notify: restart nrpe service
+ tags:
+ - configuration
+
+- name: Ensure NRPE server is running
+ service:
+ name: "{{ nrpe_service }}"
+ state: started
+ enabled: true
diff --git a/roles/nrpe/templates/nrpe_local.cfg.j2 b/roles/nrpe/templates/nrpe_local.cfg.j2
new file mode 100644
index 0000000..ab0ce5e
--- /dev/null
+++ b/roles/nrpe/templates/nrpe_local.cfg.j2
@@ -0,0 +1,11 @@
+{% if nrpe_server_allowed_hosts is defined %}
+# Allowed_hosts
+allowed_hosts={{ nrpe_server_allowed_hosts | join(',') }}
+{% endif %}
+
+{% if nrpe_command is defined %}
+# Commands
+{% for command in nrpe_command %}
+command[{{ command }}]={{ nrpe_server_plugins_dir }}/{{ nrpe_command[command]["script"] }} {{ nrpe_command[command]["option"] }}
+{% endfor %}
+{% endif %}
diff --git a/roles/nrpe/tests/inventory b/roles/nrpe/tests/inventory
new file mode 100644
index 0000000..2fbb50c
--- /dev/null
+++ b/roles/nrpe/tests/inventory
@@ -0,0 +1 @@
+localhost
diff --git a/roles/nrpe/tests/test.yml b/roles/nrpe/tests/test.yml
new file mode 100644
index 0000000..e4efa3f
--- /dev/null
+++ b/roles/nrpe/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+ remote_user: root
+ roles:
+ - hspaans.nrpe
diff --git a/roles/nrpe/tox.ini b/roles/nrpe/tox.ini
new file mode 100644
index 0000000..5277674
--- /dev/null
+++ b/roles/nrpe/tox.ini
@@ -0,0 +1,20 @@
+[tox]
+minversion = 3.23.0
+envlist = py3
+skipsdist = true
+
+[testenv]
+passenv = *
+deps =
+ ansible-lint
+ molecule
+ molecule-docker
+ docker
+ flake8
+ flake8-docstrings
+ flake8-pylint
+ pytest
+ pytest-testinfra
+ anisble
+commands =
+ molecule test --all
diff --git a/roles/nrpe/vars/debian.yml b/roles/nrpe/vars/debian.yml
new file mode 100644
index 0000000..0884816
--- /dev/null
+++ b/roles/nrpe/vars/debian.yml
@@ -0,0 +1,7 @@
+---
+nrpe_service: nagios-nrpe-server
+nrpe_server_dir: /etc/nagios
+nrpe_server_plugins_dir: /usr/lib/nagios/plugins
+nrpe_package: nagios-nrpe-server
+nrpe_plugin_packages:
+ - monitoring-plugins
diff --git a/roles/nrpe/vars/main.yml b/roles/nrpe/vars/main.yml
new file mode 100644
index 0000000..0163faa
--- /dev/null
+++ b/roles/nrpe/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for nrpe
diff --git a/roles/nrpe/vars/redhat.yml b/roles/nrpe/vars/redhat.yml
new file mode 100644
index 0000000..42e6bde
--- /dev/null
+++ b/roles/nrpe/vars/redhat.yml @@ -0,0 +1,7 @@ +--- +nrpe_service: nrpe +nrpe_server_dir: /etc/nagios +nrpe_server_plugins_dir: /usr/lib64/nagios/plugins +nrpe_package: nrpe +nrpe_plugin_packages: + - nagios-plugins-all diff --git a/site.yml b/site.yml index 7f94766..a11b85e 100755 --- a/site.yml +++ b/site.yml @@ -40,6 +40,7 @@ # Fundamental daemon configuration - import_playbook: playbooks/zerotier.yml - import_playbook: playbooks/snmp.yml +- import_playbook: playbooks/nrpe.yml # Application configuration - import_playbook: playbooks/db.yml - import_playbook: playbooks/web.yml