Add some sudo rules to nagios-checker so it can start doing restricted checks

2021-12-15 19:57:08 -06:00 · 2021-12-15 19:57:08 -06:00 · 54a4f1539b
commit 54a4f1539b
parent 4b626dc6be
1 changed files with 10 additions and 0 deletions
--- a/playbooks/tags_nagios.yml
+++ b/playbooks/tags_nagios.yml
@ -22,6 +22,16 @@
        state: present
        key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKNavw28C0mKIQVRLQDW2aoovliU1XCGaenDhIMwumK/ Nagios monitoring"
      tags: [ nagios ]
+    - name: assure nagios user sudo rule file
+      file: path=/etc/sudoers.d/50-nagios-checker mode=0750 owner=root group=root state=touch modification_time=preserve access_time=preserve
+      tags: [ nagios, sudo ]
+    - name: assure nagios user sudo rules
+      lineinfile:
+        path: /etc/sudoers.d/50-nagios-checker
+        line: "nagios-checker ALL = (root) NOPASSWD: {{ item }}"
+      with_items:
+        - /usr/lib/nagios/plugins/check_disk
+      tags: [ nagios, sudo ]
 - hosts: all
  tasks:
    - name: disable nagios user when not tagged