Add NRPE role, provision checks for it

playbooks/nrpe.yml

@@ -0,0 +1,36 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+---
+- hosts: tags_nagios-nrpe
+  roles:
+    - role: nrpe
+      vars:
+        nrpe_server_bind_address: 0.0.0.0
+        nrpe_server_allowed_hosts:
+          - 172.23.0.0/16 # Entire Zerotier management network
+          - 45.79.24.6/32 # web3.desu.ltd
+        nrpe_plugin_packages:
+          - monitoring-plugins
+          - nagios-plugins-contrib
+        nrpe_command:
+          check_disk_all:
+            script: check_disk
+            option: -M -u GB -A -X tmpfs -X overlay -X shm -w 80% -c 90% -W 80% -K 90% -I '^/run/'
+          check_load:
+            script: check_load
+            option: -r -w 0.8,0.7,0.7 -c 1.0,0.9,0.9
+          check_swap:
+            script: check_swap
+            option: -n ok -w 70% -c 80%
+          check_users:
+            script: check_users
+            option: -w 3 -c 10
+      tags: [ nrpe ]
+- hosts: all
+  tasks:
+    - name: disable nrped when not tagged
+      systemd: name={{ item }} state=stopped enabled=no
+      with_items:
+        - nagios-nrpe-server.service
+      when: "'tags_nagios-nrpe' not in group_names and item in services"
+      tags: [ zerotier ]

playbooks/tasks/web/nagios-hosts.cfg.j2

@@ -55,6 +55,11 @@ define command {
 	command_name		check_snmp_storage_v3
 	command_line		/opt/Custom-Nagios-Plugins/check_snmp_storage.pl -H $HOSTADDRESS$ -l {{ secret_snmp_rouser_username }} -x {{ secret_snmp_rouser_password }} -X {{ secret_snmp_rouser_privacy_passphrase }} -L sha,aes -t 20 -m $ARG1$ -w $ARG2$ -c $ARG3$
 }
+define command {
+	# This command is included in the container image
+	command_name		check_nrpe
+	command_line		$USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
+}
 
 # Services for all hosts
 define service {
@@ -84,6 +89,26 @@ define service {
 	hostgroup_name		snmp
 }
 
+# Services for NRPE-capable hosts
+define service {
+	use			ansible-generic-service
+	service_description	NRPE Check Disk
+	check_command		check_nrpe!check_disk_all
+	hostgroup_name		nagios-nrpe
+}
+define service {
+	use			ansible-generic-service
+	service_description	NRPE Check Users
+	check_command		check_nrpe!check_users
+	hostgroup_name		nagios-nrpe
+}
+define service {
+	use			ansible-generic-service
+	service_description	NRPE Check Load
+	check_command		check_nrpe!check_load
+	hostgroup_name		nagios-nrpe
+}
+
 # Hostgroups
 # Everything here is dynamically-generated based on tags from Netbox
 {% for tag in query('netbox.netbox.nb_lookup', 'tags', api_endpoint='https://netbox.desu.ltd', token=netbox_token) %}

requirements.yml

@@ -57,3 +57,7 @@ roles:
   - name: snmpd
     src: oefenweb.snmpd
     version: master
+  # Upstream: https://github.com/hspaans/ansible-role-nrpe
+  - name: nrpe
+    src: hspaans.nrpe
+    version: master

roles/nrpe/.editorconfig

@@ -0,0 +1,46 @@
+# https://editorconfig.org/
+
+root = true
+
+[*]
+indent_style = space
+indent_size = 4
+trim_trailing_whitespace = true
+end_of_line = lf
+charset = utf-8
+
+# Docstrings and comments use max_line_length = 79
+[*.py]
+insert_final_newline = true
+max_line_length = 119
+
+# Use 2 spaces for the HTML files
+[*.html]
+indent_size = 2
+
+# Use 2 spaces for the Markdown files
+[*.md]
+indent_size = 2
+insert_final_newline = true
+
+# The JSON files contain newlines inconsistently
+[*.json]
+indent_size = 2
+
+# Makefiles always use tabs for indentation
+[Makefile]
+indent_style = tab
+insert_final_newline = true
+
+# Batch files use tabs for indentation
+[*.bat]
+indent_style = tab
+insert_final_newline = true
+
+[docs/**.txt]
+insert_final_newline = true
+max_line_length = 79
+
+[*.yml]
+indent_size = 2
+insert_final_newline = true

roles/nrpe/.flake8

@@ -0,0 +1,2 @@
+[flake8]
+max-line-length = 120

roles/nrpe/.github/dependabot.yml

@@ -0,0 +1,8 @@
+---
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: monthly
+    open-pull-requests-limit: 10

roles/nrpe/.github/settings.yml

@@ -0,0 +1,6 @@
+---
+repository:
+  description: Ansible Role for Nagios Remote Plugin Executor
+  topics: ansible, ansible-role, nagios, nrpe, agent, monitoring
+  delete_branch_on_merge: true
+  has_wiki: false

roles/nrpe/.github/stale.yml

@@ -0,0 +1,2 @@
+---
+_extends: .github:.github/stale.yml

roles/nrpe/.github/workflows/ansible-ci.yml

@@ -0,0 +1,46 @@
+---
+name: CI
+
+on:
+  pull_request:
+  schedule:
+    - cron: '30 5 15 * *'
+
+jobs:
+
+  lint:
+    name: Lint Code Base
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v2.3.4
+
+      - name: Lint Code Base
+        uses: github/super-linter@v4.6.0
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  molecule:
+    needs: lint
+    name: Molecule
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out the codebase
+        uses: actions/checkout@v2.3.4
+
+      - name: Set up Python 3
+        uses: actions/setup-python@v2.2.2
+        with:
+          python-version: "3.x"
+
+      - name: Install Tox
+        run: |
+          pip3 install tox
+
+      - name: Run Molecule tests
+        run: tox
+        env:
+          PY_COLORS: "1"
+          ANSIBLE_FORCE_COLOR: "1"

roles/nrpe/.github/workflows/ansible-release.yml

@@ -0,0 +1,21 @@
+---
+name: Release to Ansible Galaxy
+
+on:
+  push:
+    tags:
+      - v*
+    branches:
+      - master
+
+jobs:
+  release:
+    name: Release to Ansible Galaxy
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Release Ansible Role to Galaxy
+        uses: hspaans/ansible-galaxy-action@v0.3.3
+        with:
+          api_key: ${{ secrets.galaxy_api_key }}

roles/nrpe/.github/workflows/codeql-analysis.yml

@@ -0,0 +1,59 @@
+---
+name: "CodeQL"
+
+on:
+  pull_request:
+    branches:
+      - master
+  schedule:
+    - cron: "35 22 * * 4"
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: ["python"]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
+        # Learn more:
+        # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v1
+        with:
+          languages: ${{ matrix.language }}
+          # If you wish to specify custom queries, you can do so here or in a config file.
+          # By default, queries listed here will override any specified in a config file.
+          # Prefix the list here with "+" to use these queries and those in the config file.
+          # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+      # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+      # If this step fails, then you should remove it and run the build manually (see below)
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v1
+
+      # ℹ️ Command-line programs to run using the OS shell.
+      # 📚 https://git.io/JvXDl
+
+      # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+      #    and modify them (or add more) to build your code if your project
+      #    uses a compiled language
+
+      #- run: |
+      #   make bootstrap
+      #   make release
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v1

roles/nrpe/.gitignore

@@ -0,0 +1,15 @@
+## Ansible
+*.retry
+.ansible_cache
+
+## Molecule
+.cache
+.molecule
+.tox
+.vagrant
+
+## Python
+.pytest_cache/
+__pycache__/
+*.py[cod]
+*$py.class

roles/nrpe/.yamllint.yml

@@ -0,0 +1,12 @@
+---
+extends: default
+
+rules:
+  braces:
+    max-spaces-inside: 1
+    level: error
+  brackets:
+    max-spaces-inside: 1
+    level: error
+  line-length: disable
+  truthy: disable

roles/nrpe/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2020 Hans Spaans
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

roles/nrpe/README.md

@@ -0,0 +1,51 @@
+# Role Name
+
+Install and configure NRPE
+
+## Requirements
+
+None as the nrpe package is being installed.
+
+## Role Variables
+
+Default variables are set in `defaults/main.yml`.
+
+## Dependencies
+
+No dependency on other Ansible Galaxy roles.
+
+## Example Playbook
+
+```yaml
+---
+- hosts: servers
+  vars:
+    nrpe_server_allowed_hosts:
+      - 10.0.10.0/24
+      - 10.0.11.2
+      - 127.0.0.1
+    nrpe_plugin_packages:
+      - nagios-plugins-disk
+      - nagios-plugins-nagios
+      - nagios-plugins-users
+    nrpe_command:
+      check_disk_all:
+        script: check_disk
+        option: -w 80 -c 90
+      check_users:
+        script: check_users2
+        option: -w 1 -c 1
+      check_nagios:
+        script: check_nagios
+        option: -F /var/log/nagios/nagios.log -e 15 -C nagios
+  roles:
+    - { role: hspaans.nrpe, become: true }
+```
+
+## License
+
+MIT
+
+## Author Information
+
+This role was created in 2020 by [Hans Spaans](https://github.com/hspaans).

roles/nrpe/defaults/main.yml

@@ -0,0 +1,7 @@
+---
+nrpe_server_bind_address: 127.0.0.1
+nrpe_server_port: 5666
+nrpe_server_allowed_hosts:
+  - 127.0.0.1
+nrpe_server_dont_blame_nrpe: 0
+nrpe_package: ""

roles/nrpe/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+- name: restart nrpe service
+  service:
+    name: "{{ nrpe_service }}"
+    state: restarted

roles/nrpe/meta/.galaxy_install_info

@@ -0,0 +1,2 @@
+install_date: 'Sun 15 Aug 2021 06:14:47 PM '
+version: master

roles/nrpe/meta/main.yml

@@ -0,0 +1,32 @@
+---
+galaxy_info:
+  role_name: nrpe
+  author: hspaans
+  description: Ansible Role for NRPE
+
+  license: MIT
+
+  min_ansible_version: 2.9
+
+  platforms:
+    - name: EL
+      versions:
+        - 7
+        - 8
+    - name: Debian
+      versions:
+        - buster
+        - bullseye
+    - name: Fedora
+      versions:
+        - 33
+        - 34
+    - name: Ubuntu
+      versions:
+        - bionic
+        - focal
+
+  galaxy_tags:
+    - monitoring
+
+dependencies: []

roles/nrpe/molecule/os-family-debian/INSTALL.rst

@@ -0,0 +1,22 @@
+*******
+Docker driver installation guide
+*******
+
+Requirements
+============
+
+* Docker Engine
+
+Install
+=======
+
+Please refer to the `Virtual environment`_ documentation for installation best
+practices. If not using a virtual environment, please consider passing the
+widely recommended `'--user' flag`_ when invoking ``pip``.
+
+.. _Virtual environment: https://virtualenv.pypa.io/en/latest/
+.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site
+
+.. code-block:: bash
+
+    $ pip install 'molecule[docker]'

roles/nrpe/molecule/os-family-debian/converge.yml

@@ -0,0 +1,5 @@
+---
+- name: Converge
+  hosts: all
+  roles:
+    - role: hspaans.nrpe

roles/nrpe/molecule/os-family-debian/molecule.yml

@@ -0,0 +1,47 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: docker
+lint: |
+  set -e
+  yamllint `git ls-files '*.yaml' '*.yml'`
+  ansible-lint
+  # flake8
+platforms:
+  - name: debian-10
+    image: "ghcr.io/hspaans/molecule-container-debian:10"
+    command: ""
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+    privileged: true
+    pre_build_image: true
+  - name: debian-11
+    image: "ghcr.io/hspaans/molecule-container-debian:11"
+    command: ""
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+    privileged: true
+    pre_build_image: true
+  - name: ubuntu-18.04
+    image: "ghcr.io/hspaans/molecule-container-ubuntu:18.04"
+    command: ""
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+    privileged: true
+    pre_build_image: true
+  - name: ubuntu-20.04
+    image: "ghcr.io/hspaans/molecule-container-ubuntu:20.04"
+    command: ""
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+    privileged: true
+    pre_build_image: true
+provisioner:
+  name: ansible
+  inventory:
+    group_vars:
+      all:
+        nrpe_plugin_packages: []
+verifier:
+  name: testinfra

roles/nrpe/molecule/os-family-debian/prepare.yml

@@ -0,0 +1,27 @@
+---
+- name: Prepare
+  hosts: all
+
+  pre_tasks:
+    - name: Update apt cache (on Debian).
+      apt:
+        update_cache: true
+        cache_valid_time: 3600
+      when: ansible_os_family == 'Debian'
+
+    - name: Remove packages
+      package:
+        name: apt-utils
+        state: present
+      when: ansible_os_family == 'Debian'
+
+    - name: Update yum cache (on Redhat).
+      yum:
+        update_cache: true
+      when: ansible_os_family == 'RedHat'
+
+  tasks:
+    - name: Remove packages
+      package:
+        name: git
+        state: absent

roles/nrpe/molecule/os-family-debian/tests/conftest.py

@@ -0,0 +1,23 @@
+"""PyTest Fixtures."""
+from __future__ import absolute_import
+
+import os
+
+import pytest
+
+
+def pytest_runtest_setup():
+    """Run tests only when under molecule with testinfra installed."""
+    try:
+        # pylint: disable = import-outside-toplevel
+        import testinfra
+    except ImportError:
+        pytest.skip("Test requires testinfra", allow_module_level=True)
+    if "MOLECULE_INVENTORY_FILE" in os.environ:
+        pytest.testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+            os.environ["MOLECULE_INVENTORY_FILE"]
+        ).get_hosts("all")
+    else:
+        pytest.skip(
+            "Test should run only from inside molecule.", allow_module_level=True
+        )

roles/nrpe/molecule/os-family-debian/tests/test_default.py

@@ -0,0 +1,11 @@
+"""Role testing files using testinfra."""
+
+import pytest
+
+
+@pytest.mark.parametrize("pkg", ["nagios-nrpe-server"])
+def test_pkg_installed(host, pkg):
+    """Test if package installed."""
+    package = host.package(pkg)
+
+    assert package.is_installed

roles/nrpe/molecule/os-family-redhat/INSTALL.rst

@@ -0,0 +1,22 @@
+*******
+Docker driver installation guide
+*******
+
+Requirements
+============
+
+* Docker Engine
+
+Install
+=======
+
+Please refer to the `Virtual environment`_ documentation for installation best
+practices. If not using a virtual environment, please consider passing the
+widely recommended `'--user' flag`_ when invoking ``pip``.
+
+.. _Virtual environment: https://virtualenv.pypa.io/en/latest/
+.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site
+
+.. code-block:: bash
+
+    $ pip install 'molecule[docker]'

roles/nrpe/molecule/os-family-redhat/converge.yml

@@ -0,0 +1,5 @@
+---
+- name: Converge
+  hosts: all
+  roles:
+    - role: hspaans.nrpe

roles/nrpe/molecule/os-family-redhat/molecule.yml

@@ -0,0 +1,47 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: docker
+lint: |
+  set -e
+  yamllint `git ls-files '*.yaml' '*.yml'`
+  ansible-lint
+  # flake8
+platforms:
+  - name: centos-7
+    image: "ghcr.io/hspaans/molecule-container-centos:7"
+    command: ""
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+    privileged: true
+    pre_build_image: true
+  - name: centos-8
+    image: "ghcr.io/hspaans/molecule-container-centos:8"
+    command: ""
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+    privileged: true
+    pre_build_image: true
+  - name: fedora-33
+    image: "ghcr.io/hspaans/molecule-container-fedora:33"
+    command: ""
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+    privileged: true
+    pre_build_image: true
+  - name: fedora-34
+    image: "ghcr.io/hspaans/molecule-container-fedora:34"
+    command: ""
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+    privileged: true
+    pre_build_image: true
+provisioner:
+  name: ansible
+  inventory:
+    group_vars:
+      all:
+        nrpe_plugin_packages: []
+verifier:
+  name: testinfra

roles/nrpe/molecule/os-family-redhat/prepare.yml

@@ -0,0 +1,27 @@
+---
+- name: Prepare
+  hosts: all
+
+  pre_tasks:
+    - name: Update apt cache (on Debian).
+      apt:
+        update_cache: true
+        cache_valid_time: 3600
+      when: ansible_os_family == 'Debian'
+
+    - name: Remove packages
+      package:
+        name: apt-utils
+        state: present
+      when: ansible_os_family == 'Debian'
+
+    - name: Update yum cache (on Redhat).
+      yum:
+        update_cache: true
+      when: ansible_os_family == 'RedHat'
+
+  tasks:
+    - name: Remove packages
+      package:
+        name: git
+        state: absent

roles/nrpe/molecule/os-family-redhat/tests/conftest.py

@@ -0,0 +1,23 @@
+"""PyTest Fixtures."""
+from __future__ import absolute_import
+
+import os
+
+import pytest
+
+
+def pytest_runtest_setup():
+    """Run tests only when under molecule with testinfra installed."""
+    try:
+        # pylint: disable = import-outside-toplevel
+        import testinfra
+    except ImportError:
+        pytest.skip("Test requires testinfra", allow_module_level=True)
+    if "MOLECULE_INVENTORY_FILE" in os.environ:
+        pytest.testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+            os.environ["MOLECULE_INVENTORY_FILE"]
+        ).get_hosts("all")
+    else:
+        pytest.skip(
+            "Test should run only from inside molecule.", allow_module_level=True
+        )

roles/nrpe/molecule/os-family-redhat/tests/test_default.py

@@ -0,0 +1,11 @@
+"""Role testing files using testinfra."""
+
+import pytest
+
+
+@pytest.mark.parametrize("pkg", ["nrpe"])
+def test_pkg_installed(host, pkg):
+    """Test if package installed."""
+    package = host.package(pkg)
+
+    assert package.is_installed

roles/nrpe/tasks/main.yml

@@ -0,0 +1,68 @@
+---
+- name: Gather OS specific variables for nrpe
+  include_vars: "{{ item }}"
+  with_first_found:
+    - "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version }}.yml"
+    - "{{ ansible_distribution|lower }}.yml"
+    - "{{ ansible_os_family|lower }}.yml"
+    - "main.yml"
+
+- name: Enable CentOS-PowerTools repository
+  block:
+
+    - name: Enable CentOS-PowerTools repository
+      yum_repository:
+        name: PowerTools
+        file: CentOS-PowerTools
+        description: CentOS-$releasever - PowerTool
+        mirrorlist: http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=PowerTools&infra=$infra
+        enabled: yes
+        gpgcheck: 1
+        gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
+
+  when: (ansible_facts['distribution'] == 'CentOS' and ansible_facts['distribution_major_version'] == "8")
+
+- name: Enable CentOS-EPEL repository
+  block:
+
+    - name: Enable CentOS-EPEL repository
+      package:
+        name: epel-release
+        state: present
+
+    - name: Update yum cache (on Redhat).
+      yum:
+        update_cache: true
+
+  when: (ansible_facts['distribution'] == 'CentOS')
+
+- name: Install NRPE service
+  package:
+    name: "{{ nrpe_package }}"
+    state: present
+  tags:
+    - packages
+
+- name: Install NRPE plugins
+  package:
+    name: "{{ nrpe_plugin_packages }}"
+    state: present
+  tags:
+    - packages
+
+- name: Create nrpe.cfg from template
+  template:
+    src: "nrpe_local.cfg.j2"
+    dest: "{{ nrpe_server_dir }}/nrpe_local.cfg"
+    owner: root
+    group: root
+    mode: "0644"
+  notify: restart nrpe service
+  tags:
+    - configuration
+
+- name: Ensure NRPE server is running
+  service:
+    name: "{{ nrpe_service }}"
+    state: started
+    enabled: true

roles/nrpe/templates/nrpe_local.cfg.j2

@@ -0,0 +1,11 @@
+{% if nrpe_server_allowed_hosts is defined %}
+# Allowed_hosts
+allowed_hosts={{ nrpe_server_allowed_hosts | join(',') }}
+{% endif %}
+
+{% if nrpe_command is defined %}
+# Commands
+{% for command in nrpe_command %}
+command[{{ command }}]={{ nrpe_server_plugins_dir }}/{{ nrpe_command[command]["script"] }} {{ nrpe_command[command]["option"] }}
+{% endfor %}
+{% endif %}

roles/nrpe/tests/inventory

@@ -0,0 +1 @@
+localhost

roles/nrpe/tests/test.yml

@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - hspaans.nrpe

roles/nrpe/tox.ini

@@ -0,0 +1,20 @@
+[tox]
+minversion = 3.23.0
+envlist = py3
+skipsdist = true
+
+[testenv]
+passenv = *
+deps =
+    ansible-lint
+    molecule
+    molecule-docker
+    docker
+    flake8
+    flake8-docstrings
+    flake8-pylint
+    pytest
+    pytest-testinfra
+    anisble
+commands =
+    molecule test --all

roles/nrpe/vars/debian.yml

@@ -0,0 +1,7 @@
+---
+nrpe_service: nagios-nrpe-server
+nrpe_server_dir: /etc/nagios
+nrpe_server_plugins_dir: /usr/lib/nagios/plugins
+nrpe_package: nagios-nrpe-server
+nrpe_plugin_packages:
+  - monitoring-plugins

roles/nrpe/vars/main.yml

@@ -0,0 +1,2 @@
+---
+# vars file for nrpe

roles/nrpe/vars/redhat.yml

@@ -0,0 +1,7 @@
+---
+nrpe_service: nrpe
+nrpe_server_dir: /etc/nagios
+nrpe_server_plugins_dir: /usr/lib64/nagios/plugins
+nrpe_package: nrpe
+nrpe_plugin_packages:
+  - nagios-plugins-all

site.yml

@@ -40,6 +40,7 @@
   # Fundamental daemon configuration
 - import_playbook: playbooks/zerotier.yml
 - import_playbook: playbooks/snmp.yml
+- import_playbook: playbooks/nrpe.yml
   # Application configuration
 - import_playbook: playbooks/db.yml
 - import_playbook: playbooks/web.yml